Exchange ProxyShell and ProxyOracle

26 Aug 2021 - Frank Breedijk

We just opened case DIVD-2021-00022 to address a set of vulnerabilities that enable the ProxyShell and ProxyOracle attacks.

We also released a NSE scanning script so you can test your own server for ProxyOracle.

In the coming days we will be scanning worldwide to identify unpatched and thus vulnerable exchange servers and send notifications to our information sharing partners and individual network administrators.

Last modified: 18 Jan 2023 13:28

DIVD CSIRT

Exchange ProxyShell and ProxyOracle