What is it?

Microsoft Exchange Server (2013, 2016 and 2019) has a vulnerability that allows an attacker to write an arbitrary file and execute it remotely.

An error in the software allows an attacker to bypass authentication, install programs and run them. When combined with another vulnerability (CVE-2021-26855), these programs can be run as an administrator.

The Packet Storm link below contains a more detailed description of how this vulnerability is exploited.

Why is it a risk?

An attacker can bypass authentication, impersonate an admin, write an arbitrary file and execute it.

This is considered a CRITICAL vulnerability.

How can you mitigate the risk?

Patch your Microsoft Exchange Server to the latest version.

There is a link below to the “One-Click Microsoft Exchange On-Premises Mitigation Tool”; as of March 2021, this is the recommended method for patching your on-premises MS Exchange Server.

The Microsoft Safety Scanner Download link below provides a useful tool for testing your Exchange Server for a variety of security-related risks.

Resources:

Detailed Description: Packet Storm – Microsoft Exchange ProxyLogon Remote Code Execution
https://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html

Microsoft One-Click Microsoft Exchange On-Premises Mitigation Tool
https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/

Microsoft Safety Scanner Download
https://docs.microsoft.com/en-us/microsoft-365/security/intelligence/safety-scanner-download?view=o365-worldwide
