ProxyToken – the Most Recent Microsoft Exchange Vulnerability

Another vulnerability associated with Microsoft Exchange Server has been disclosed. The flaw, dubbed “ProxyToken,” allows remote attackers to bypass authentication and alter an Exchange email server’s backend configuration. This vulnerability could be exploited by a threat actor to copy all emails sent to a specified target account and then forward those emails to a separate account controlled by the attacker. The July 2021 Microsoft Exchange security update addresses ProxyToken and other recently discovered vulnerabilities, such as ProxyShell. At the time of this writing, there is no observation of exploitation in the wild. However, similar to last month’s ProxyShell disclosure, now that details have been made public, threat actors may begin exploiting unpatched systems. Members running Microsoft Exchange Servers are encouraged to update systems with the July 2021 security update. For more on ProxyToken, visit TheRecord. Sysadmins may wish to visit ZeroDayInitiative for a deeper analysis.