ProxyShell - Another MS Exchange Flaw Gaining Traction Among Attackers.


The Client Access Service (CAS), which runs on IIS on port 443, can be used to exploit the newly revealed vulnerabilities in Microsoft Exchange servers. The Autodiscover service and the Exchange PowerShell backend were among the components of Exchange Servers targeted by the attack chain.

The attackers have continued to tweak and finetune their attack exploit. In addition, the attacker was seen using an autodiscovery tool to check for vulnerable exchange servers with a fresh request.

Read More…