Following the discovery of several serious flaws in Exchange Server, information has emerged about a new security vulnerability. The issue is named ‘ProxyToken‘ and carries two identifiers: CVE-2021-33766 and ZDI-CAN-13477.
By exploiting this vulnerability, an external attacker or hacker can change the configuration of Exchange mailboxes. It can be used to copy the email address from the account and paste it to the attacker’s account. It was a severe threat that Microsoft rectified in July 2021.
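The following audit is an added example, not part of the original article and not Microsoft's code. It assumes the mailbox configuration change of concern is mail forwarding, and lists every mailbox whose own settings or inbox rules forward or redirect mail, marking targets outside the organization's accepted domains. The helper name `Get-ExternalTarget` is hypothetical.

```powershell
# Run in the Exchange Management Shell with rights to read mailboxes and inbox rules.
# Domains the organization accepts mail for; any other domain is treated as external.
# A wildcard entry (*.example.com) is reduced to its base domain, so subdomains may
# show up as external and need a manual look.
$internal = Get-AcceptedDomain |
    ForEach-Object { ([string]$_.DomainName -replace '^\*\.', '').ToLower() }

function Get-ExternalTarget {
    param([object[]]$Targets)
    foreach ($t in $Targets) {
        # Targets look like 'smtp:user@domain' or '"Name" [SMTP:user@domain]'.
        foreach ($m in [regex]::Matches([string]$t, '[\w.%+-]+@([\w.-]+\w)')) {
            if ($internal -notcontains $m.Groups[1].Value.ToLower()) { $m.Value }
        }
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Forwarding configured on the mailbox object itself.
    $fwd = @($mbx.ForwardingSmtpAddress, $mbx.ForwardingAddress) | Where-Object { $_ }
    if ($fwd) {
        [pscustomobject]@{
            Mailbox   = $mbx.PrimarySmtpAddress
            Source    = 'Mailbox forwarding'
            Target    = $fwd -join '; '
            External  = [bool](Get-ExternalTarget $fwd)
            KeepsCopy = $mbx.DeliverToMailboxAndForward
        }
    }
    # Inbox rules that forward or redirect messages.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.DistinguishedName -ErrorAction SilentlyContinue) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ }
        if ($targets) {
            [pscustomobject]@{
                Mailbox   = $mbx.PrimarySmtpAddress
                Source    = "Inbox rule '$($rule.Name)' (enabled: $($rule.Enabled))"
                Target    = $targets -join '; '
                External  = [bool](Get-ExternalTarget $targets)
                KeepsCopy = $null   # not applicable to inbox rules
            }
        }
    }
}

# External targets first; each row should map to a request the mailbox owner recognizes.
$findings | Sort-Object External -Descending | Format-Table -AutoSize -Wrap
```

A forwarding target that is a mail contact appears by its directory name, so its External column reads False until the contact's address is checked by hand.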
Microsoft identified an Exchange Server vulnerability, tracked as CVE-2021-33766, that can expose user mailboxes to danger. The ProxyToken flaw was reported by researcher Le Xuan Tuyen of the Information Security Center of Vietnam Posts and Telecommunications Group (VNPT-ISC). He says that, due to the design of Exchange Server, an attacker can gain entry.
Exchange Server creates two sites in the IIS server. The first is the front-end website, which users reach over HTTP and HTTPS connections; users access Exchange through this front-end website. The front-end website is actually just a proxy site that validates the connection and passes it on to the second, main site.
Sometimes, a flaw in ‘Delegated Authentication‘ lets a request bypass the usual front-end site and go directly to the main site. Hackers use this flaw to enter Exchange and copy the data of mailboxes.
Using the vulnerability CVE-2021-33766, an unauthorized user can get access to:
Microsoft has rectified the flaw and removed the vulnerability. Let’s hope that there are no longer such fault lines in the Exchange Server environment.
Here are some tips that you can follow to avoid vulnerabilities, such as CVE-2021-33766:
Dealing with vulnerabilities and errors in Exchange Server promptly is important to avoid any potential data loss. Being proactive can help you preserve your Exchange environment. However, if corruption does occur in your Exchange Server, use Kernel for Exchange Server to recover the lost data. It is a feature-rich Exchange recovery software to regain access to your email communication.