Alert: Protect against Exploitation of ProxyShell
Security researches have detected active exploitation attempts of ProxyShell vulnerabilities patched by Microsoft in Exchange Servers back in May 2021.
The ProxyShell vulnerabilities being exploited by malicious actors are the following:
Remote Code Execution Vulnerability – CVE-2021-34473
Elevation of Privilege Vulnerability – CVE-2021-34523
Security Feature Bypass Vulnerability – CVE-2021-31207
Microsoft Exchange Server 2013, 2016 and 2019
If the identified vulnerabilities in Microsoft Exchange Servers are left unpatched, malicious cyber actors can bypass Access Control Lists (ACLs) controls, elevate privileges on the Exchange ProxyShell backend, permitting the malicious actor to perform unauthenticated, remote code execution.
For the list of security patches released by Microsoft for Exchange servers, please refer to May 11, 2021 Microsoft Security Update
The National Cyber Security Authority (NCSA) strongly recommends to Microsoft Exchange Servers administrators to:
Apply, if not already done, the latest security updates for the Microsoft Exchange Servers in use in their institution via Security Update for Microsoft Exchange Server 2019, 2016 and 2013,
Regularly examine their systems for any malicious activity,
Prioritize installing security updates for Exchange Servers (On-Premise) that are internet facing,
Before any update task, please ensure you have good backup that can easily be restored.
For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009
23 August 2021
More updates
© 2025 National Cyber Security Authority