A now-patched vulnerability in Microsoft Exchange Server, dubbed ProxyToken, could be abused by an unauthenticated attacker to perform configuration actions on targeted mailboxes.
This latest flaw in the beleaguered platform is tracked as CVE-2021-33766 and is rated 7.3 out of ten on the threat severity scale, and might give rise to the disclosure of personal information if abused.
A hypothetical example of exploitation, according to researchers with the Zero Day Initiative, could lead to an attacker copying all email addresses on a targeted account and forwarding them to an account controlled by the attacker.
The flaw lies in the Delegated Authentication feature, a mechanism in which the front-end site passes authentication requests to the back-end system when it detects the presence of a SecurityToken cookie.
Because Microsoft Exchange needs to be specifically configured to use the feature and have the backend carry out checks, the module that handles this delegation isn’t loaded under a default configuration.
This leads to a bypass as the back-end fails to authenticate incoming requests based on the SecurityToken cookie. The back-end will be completely unaware that it needs to authenticate incoming requests, which means requests can sail through without being subject to authentication on either the front or back-end systems.
RELATED RESOURCE
2021 state of email security report: Ransomware on the rise
Securing the enterprise in the COVID world
Microsoft patched this vulnerability as part of its Patch Tuesday round of fixes for July, with no evidence so far that hackers have exploited it.
Businesses will be put on high alert in light of the existence of another Microsoft Exchange Server flaw, however, following the supply-chain attack earlier in the year.
Hackers linked with the Chinese state exploited four flaws in the platform to launch a series of attacks against potentially hundreds of thousands of victims in March, according to security researchers.
The incident was one of many similar supply-chain attacks during 2021, including the infamous SolarWinds hack towards the end of last year.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
