CISA warned threat actors have begun exploiting the dangerous ProxyLogon flaws, but tens of thousands of vulnerable Microsoft Exchange servers remain online.
This week’s Risk & Repeat podcast discusses the latest developments around the ProxyShell vulnerabilities in Microsoft Exchange Server.
Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors were actively exploiting the ProxyShell flaws, which allow for remote code execution, and urged organizations to patch the Exchange flaws immediately. Security researchers such as Kevin Beaumont observed malicious activity around vulnerable Exchange servers, including a new ransomware variant known as LockFile.
The threat activity could spell doom for a sizable chunk of Microsoft Exchange customers. According to recent Shodan scans, nearly 50,000 Exchange servers were still vulnerable to ProxyShell — despite the fact that Microsoft released patches for the flaws in April and May.
How dangerous are the ProxyShell vulnerabilities? Why have some organizations been slow to patch the flaws, despite the lessons of the ProxyLogon Exchange server vulnerabilities earlier this year? Should Microsoft have done more to communicate the risk and urge customers to act? SearchSecurity editors Rob Wright and Alex Culafi discuss those questions and more in this episode.