First functional PoC exploit for ProxyLogon vulnerabilities published
The tool chains several vulnerabilities to log in to a Microsoft Exchange server and run malicious code.
A Vietnamese security researcher has published the first functional PoC exploit for a group of Microsoft Exchange vulnerabilities called ProxyLogon, which hackers of all stripes have been actively exploiting over the past week.
Several PoC exploits for ProxyLogon have been posted on GitHub over the past few days, but they were either fake or didn't work as expected. However, the tool presented by the Vietnamese researcher is fully functional. The exploit's authenticity has already been confirmed by renowned security researcher Marcus Hutchins.
“I confirm the existence of a PoC exploit for the full chain of exploitation of vulnerabilities in remote code execution. It has a few bugs, but with a few fixes, I was able to install a shell on my test box,” Hutchins said.
The tool chains the vulnerabilities CVE-2021-26855 and CVE-2021-27065 to log in to the Microsoft Exchange server and run malicious code. As it stands, the PoC exploit is not usable, but it is very easy to tweak so that it executes code.
The Vietnamese researcher posted his tool on the Web immediately after the release of a detailed description of the ProxyLogon vulnerabilities from the information security company Praetorian, which decided not to publish its own PoC exploit. Many cybersecurity experts criticize Praetorian's decision to publish its description right now and believe that it can play into the hands of hackers.