Report Incident
× Home Cybertech Africa 2023 2 DPO Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Alert: Protect against Exploitation of ProxyShell

Description 

Security researches have detected active exploitation attempts of ProxyShell vulnerabilities patched by Microsoft in Exchange Servers back in May 2021.

The ProxyShell vulnerabilities being exploited by malicious actors are the following:

 

Affected systems

Microsoft Exchange Server 2013, 2016 and 2019

 

Security Risks

If the identified vulnerabilities in Microsoft Exchange Servers are left unpatched, malicious cyber actors can bypass Access Control Lists (ACLs) controls, elevate privileges on the Exchange ProxyShell backend, permitting the malicious actor to perform unauthenticated, remote code execution.

For the list of security patches released by Microsoft for Exchange servers, please refer to May 11, 2021 Microsoft Security Update

 

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to Microsoft Exchange Servers administrators to:

  1. Apply, if not already done, the latest security updates for the Microsoft Exchange Servers in use in their institution via Security Update for Microsoft Exchange Server 2019, 2016 and 2013,

  2. Regularly examine their systems for any malicious activity,

  3. Prioritize installing security updates for Exchange Servers (On-Premise) that are internet facing,

  4. Before any update task, please ensure you have good backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009

 

Reference

 

23 August 2021

© 2025 National Cyber Security Authority