Original release date: August 21, 2021
Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.
Review the following resources for additional information:
- CISA Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
- CISA web page: Remediating Microsoft Exchange Vulnerabilities
This product is provided subject to this Notification and this Privacy & Use policy.