Threat actors have continued their search for vulnerabilities in Microsoft Exchange servers, cybersecurity experts said at the recent Black Hat 2021 conference.
Security researcher Kevin Beaumont discovered the attack and tweeted that a threat actor was probing the Autodiscover service on his Microsoft Exchange server.
Although these initial attempts were unsuccessful, Beaumont later noticed that the attacker had changed strategy. The new approach drew on details revealed during a Black Hat presentation by Devcore security researcher Orange Tsai.
New attack vector
A component of the ProxyShell attack chain targets Microsoft Exchange Autodiscover, Tsai said at a seminar on the subject.
After watching Tsai's talk, security researchers PeterJson and Jang published an article with technical information about how they managed to recreate the ProxyShell attack, which seems to have taught threat actors some new tricks.
Equipped with the new details, the threat actors appear to have managed to find vulnerable systems.
However, Tsai added that while the ProxyShell vulnerability has been addressed, there are now 400,000 Microsoft Exchange servers on the internet. Beaumont estimates that roughly half of them have not been patched, so this new method leaves them open and discoverable.