Technical Advisory: Proxy*Hell Exploit Chains in the Wild
In our series of letters from African journalists, filmmaker and columnist Farai Sevenzo looks at some of the most important technology stories of the past year.
– ProxyShell exploit chainMicrosoft Exchange is an ideal target for these exploit chains for a few different reasons:There is a complex network of frontend and backend services, with legacy code to provide backward compatibility (many to many relationships)Backend services trust the requests from the front-end CAS layer - in the case of an SSRF attack, a valid Kerberos token is generated by CASMultiple backend services that are running as Exchange Server itself (SYSTEM account)Remote PowerShell (RPS) includes hundreds of PowerShell cmdletsIn a relatively short time, multiple combinations of vulnerabilities have been discovered:ProxyLogon – The initial exploit chain was a combination of CVE-2021-26855 and CVE-2021-27065. Microsoft Exchange is an example of an application that is using proxy services to shield the sensitive backend from the untrusted public network. 4 – An example SSRF attack targeting proxy service endpointProxy attacks on Microsoft Exchange – How it started …Most of the vulnerabilities discovered by security researchers are based on flawed implementations – for example, memory bugs or code injections.
Source read time: 15 min - businessinsights.bitdefender.com
Also offered in: Nederlands