Microsoft fixes a new Exchange Server Vulnerability that put User Mailboxes in Danger

Summary: ProxyToken is one of the flaws encountered in Microsoft Exchange Server during July 2021. Read on to find out what it means and how to protect your Exchange environment. To recover data from a corrupt or inaccessible Exchange Server, use the Kernel for Exchange Server Recovery tool.

After the discovery of various serious flaws in Exchange Server, information has emerged about a new security vulnerability. The issue is known as 'ProxyToken' and has two identifiers: CVE-2021-33766 and ZDI-CAN-13477.

By exploiting this vulnerability, an external attacker can change the configuration of Exchange mailboxes. It can be used to copy the emails from a user's account and deliver them to the attacker's account. It was a severe threat that Microsoft rectified in July 2021.

Understanding the root cause of CVE-2021-33766

Microsoft identified an Exchange Server vulnerability, tracked as CVE-2021-33766, that can expose user mailboxes to danger. The ProxyToken flaw was reported by researcher Le Xuan Tuyen of the Information Security Center of Vietnam Posts and Telecommunications Group (VNPT-ISC). He says that the design of Exchange Server is what gives the attacker a way in.

Exchange Server creates two sites in the IIS server. The first is the front-end website, which users connect to over HTTP and HTTPS; users access Exchange through it. The front-end website is really just a proxy site that validates the connection and passes it on to the second, main site.

A flaw in 'Delegated Authentication' can let a request bypass the usual front-end site and go directly to the main site. Attackers use this flaw to enter Exchange and copy mailbox data.

What is the impact of the vulnerability?

The vulnerability CVE-2021-33766 can have the following consequences:

  1. Unauthorized users can bypass the security measures and get into your users' mailboxes.
  2. A breach can lead to theft of crucial business information, such as financial records, personal communication, etc.
  3. Attackers can set up mail forwarding rules that compromise your users' information, leading to undetected information theft.
  4. Such a vulnerability could break your customers' trust and cause reputational damage.

Microsoft has rectified the flaw and removed the vulnerability. Let’s hope that there are no longer such fault lines in the Exchange Server environment.
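
For the mail-forwarding impact listed above, here is an added example (not from the original article and not Microsoft's own code): a PowerShell audit for the Exchange Management Shell that lists mailbox forwarding settings and inbox rules sending mail outside the organization's accepted domains. The function name Test-External and the output column names are assumptions made for this example.

```powershell
# Added example. Run in the Exchange Management Shell of an on-premises server.
# Domains the organization owns; any other SMTP domain is treated as external.
# Note: wildcard accepted domains (*.example.com) are compared literally here.
$internal = @(Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLower() })

function Test-External {
    param([string]$Address)
    # Handles "smtp:user@example.com" and rule targets like '"Name" [SMTP:user@example.com]'.
    if ($Address -match '@([^\s">\]]+)') {
        return $internal -notcontains $Matches[1].ToLower()
    }
    return $false   # no SMTP domain present, e.g. an internal directory (EX:) address
}

function New-Finding {
    param($Mailbox, [string]$Source, [string]$Target)
    [pscustomobject]@{ Mailbox = $Mailbox; Source = $Source; Target = $Target }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $who = $mbx.PrimarySmtpAddress

    # 1. Forwarding to an SMTP address set directly on the mailbox.
    if ($mbx.ForwardingSmtpAddress -and (Test-External "$($mbx.ForwardingSmtpAddress)")) {
        New-Finding $who 'Mailbox ForwardingSmtpAddress' "$($mbx.ForwardingSmtpAddress)"
    }

    # 2. Forwarding to a directory recipient. A mail contact can point at an
    #    external address, so report every one of these for manual review.
    if ($mbx.ForwardingAddress) {
        New-Finding $who 'Mailbox ForwardingAddress (review)' "$($mbx.ForwardingAddress)"
    }

    # 3. Enabled inbox rules that forward or redirect to an external address.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.Identity -ErrorAction SilentlyContinue) {
        if (-not $rule.Enabled) { continue }
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in $targets) {
            if ($t -and (Test-External "$t")) {
                New-Finding $who "Inbox rule '$($rule.Name)'" "$t"
            }
        }
    }
}

$findings | Sort-Object Mailbox | Format-Table -AutoSize
```

An empty result means no external forwarding was found for the mailboxes the running account can read; any row should be confirmed with the mailbox owner.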

Tips to avoid CVE-2021-33766

Here are some tips that you can follow to avoid vulnerabilities, such as CVE-2021-33766:

Conclusion

Dealing with vulnerabilities and errors in Exchange Server in good time is important to avoid potential data loss. Being proactive can help you preserve your Exchange environment. However, if corruption does occur in your Exchange Server, use Kernel for Exchange Server to recover the lost data. It is a feature-rich Exchange recovery software that helps you regain access to your email communication.
