Security researchers are urging administrators of Microsoft's Exchange to patch their instance as soon as feasible, due to widespread exploitation of the chained ProxyShell vulnerabilities.
Huntress Labs said over the weekend that it had tracked around 1900 of its clients' Exchange servers that had not been fully patched, and were at risk of exploitation.
Attackers are currently using the ProxyShell chain of vulnerabilities to install at least five different web shells to Microsoft Exchange servers.
Three separate vulnerabilities can be exploited through a transmission control protocol port, 445, to execute arbitrary commands on Exchange servers, without authentication.
Huntress Labs said administrators of on-premises Exchange Server 2019, 2016, and 2013 should patch their instances as soon as possible.
Failure to patch could put the servers at risk of ransomware attacks.
The ProxyShell vulnerabilities were discovered by. security researcher Orange Tsai who presented them at the annual Black Hat conference.
Security researcher Kevin Beaumont labelled the remote code execution exploit chain "as serious as they come" and warned that a major hacking campaign against Exchange servers is underway currently.
Beaumont said "it is clear that Microsoft are completely missing in action" and has published an Nmap scanning plug-in on Github to identify vulnerable Exchange servers.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
