Exchange ProxyShell and ProxyOracle
26 Aug 2030 - Frank Breedijk
We just opened case DIVD-2021-00022 to address a set of vulnerabilities that enable the ProxyShell and ProxyOracle attacks.
We also released a NSE scanning script so you can test your own server for ProxyOracle.
In the coming days we will be scanning worldwide to identify unpatched and thus vulnerable exchange servers and send notifications to opur information sharing partners and idividual network administrators.