One of the worst bugs of 2021 is the unauthorised remote code execution vulnerability in Microsoft Exchange. As details of the bug went online, many state-sponsored hackers and APT groups started hacking organizations' Exchange servers. Even after Microsoft pushed a patch for the vulnerability, ZoomEye still shows more than 46,000 Exchange servers that are vulnerable.
A Vietnamese security researcher has published the first functional PoC exploit for a group of Microsoft Exchange vulnerabilities called ProxyLogon, actively exploited by hackers of all stripes over the past week.
Several PoC exploits for ProxyLogon have been posted on GitHub over the past few days, but they were either fake or didn't work as expected. However, the tool presented by the Vietnamese researcher is fully functional. The exploit's authenticity has already been confirmed by renowned security researcher Marcus Hutchins.
“I confirm the existence of a PoC exploit for the full chain of exploitation of vulnerabilities in remote code execution. It has a few bugs, but with a few fixes, I was able to install a shell on my test box,” Hutchins said.
The tool chains the vulnerabilities CVE-2021-26855 and CVE-2021-27065 to log in to the Microsoft Exchange server and run malicious code. As it stands, the PoC exploit is not usable, but it is very easy to tweak to execute code.
The Vietnamese researcher posted his tool on the Web immediately after the release of a detailed description of the ProxyLogon vulnerabilities from the information security company Praetorian, which decided not to publish its own PoC exploit. Many cybersecurity experts criticize Praetorian's decision to release its description right now and believe that it could play into the hands of hackers.