A security researcher has released a new proof-of-concept (PoC) that requires only slight modifications to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon bug.

Since Microsoft disclosed the Microsoft Exchange security vulnerabilities, known as ProxyLogon, system administrators and security personnel have been scrambling to patch and protect vulnerable systems. These attacks are being used to drop web shells, crypto miners, and more recently, the DearCry ransomware on exploited servers.

Earlier this week, security researcher Nguyen Jang published a blog post with a PoC exploit that, when first posted, included a flaw that would make the PoC run incorrectly. It was close enough to working that researchers and attackers alike can develop a functional remote code execution exploit for Microsoft Exchange servers. Microsoft-owned GitHub took down the PoC to protect devices that are being exploited.

This weekend, a separate researcher published a new ProxyLogon PoC that requires very little modification to exploit this flaw. This new PoC, according to Will Dormann, a Vulnerability Analyst at the CERT/CC, requires minimal modification and is now within reach of “script kiddies.” A script kiddie is a person who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own.