The National Cyber Security Center (NCSC) urgently calls on companies and organizations to update Microsoft Exchange Server. An update from Microsoft that closes three vulnerabilities has been available for some time, but not always installed.
In recent days, the center found that attackers are still actively looking for vulnerable Microsoft Exchange Server systems. The NCSC warns companies therefore use three attack techniques, which have been given the name ProxyShell, ProxyOracle and ProxyToken. ProxyShell is a combination of three vulnerabilities that allows attackers to take over unpatched Microsoft Exchange servers.
Abuse of these vulnerabilities could lead to sensitive information falling into the hands of malicious parties, the NCSC warns. Attackers can also gain further access to the network or take over the entire system.
–
