

In many of the observed ProxyLogon attacks.

ProxyLogon is a pre-authentication vulnerability, which means that an attacker does NOT need to log on or complete any form of authentication to execute code remotely on the targeted Exchange server; the attacker can execute commands on an Exchange server by sending them over port 443. This attack can be used against unpatched mail servers running Exchange version 2013, 20. This is a critical vulnerability on Microsoft Exchange servers that allows an attacker to bypass Exchange authentication by forcing an SSRF request, which allows the attacker to send an arbitrary HTTP request on behalf of the Exchange computer account. ProxyLogon is the name that was given to CVE-2021-26855. Today I would like to do a recap on the well-known ProxyLogon attack. Over the years, we have seen different exploits for Microsoft Exchange that could lead to a full compromise of the Exchange farm, as well as a full compromise of Active Directory. On-premises Exchange servers are valuable targets for attackers, since they contain critical data and often have wide permissions within AD.
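A detection check for the behaviour described above, as an added example that is not part of the original post: it flags Exchange HttpProxy log rows that have no authenticated user but whose AnchorMailbox matches `ServerInfo~*/*`. The column names and the pattern follow Microsoft's published detection guidance for CVE-2021-26855 and do not come from this page; the log lines are constructed and reduced to a few columns.

```python
import csv
import fnmatch
import io

# Constructed HttpProxy log excerpt, reduced to six columns (real logs carry
# many more). Hosts, users and addresses are placeholders.
SAMPLE_LOG = """DateTime,ClientIpAddress,UrlStem,AuthenticatedUser,AnchorMailbox,HttpStatus
#Software: Microsoft Exchange Server
2021-03-03T02:10:55.000Z,192.0.2.10,/owa/,alice@example.test,Smtp~alice@example.test,200
2021-03-03T02:11:01.000Z,192.0.2.44,/owa/auth/logon.aspx,,,200
2021-03-03T02:11:07.000Z,198.51.100.23,/constructed/path,,ServerInfo~backend.example.test/constructed/path,200
"""

# Pattern from Microsoft's guidance; compared case-insensitively below.
ANCHOR_PATTERN = "serverinfo~*/*"


def find_suspect_requests(log_text):
    """Return rows with no authenticated user and a ServerInfo~host/path anchor."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        # Skip '#'-prefixed metadata lines that can follow the header row.
        if (row.get("DateTime") or "").startswith("#"):
            continue
        user = (row.get("AuthenticatedUser") or "").strip()
        anchor = (row.get("AnchorMailbox") or "").strip()
        # A normal anonymous request (logon page) has an empty anchor, so an
        # empty user alone is not enough to flag a row.
        if not user and fnmatch.fnmatchcase(anchor.lower(), ANCHOR_PATTERN):
            hits.append({k: row[k] for k in
                         ("DateTime", "ClientIpAddress", "UrlStem", "AnchorMailbox")})
    return hits


if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```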
