This vulnerability is part of the Microsoft Exchange Server attack chain and is also known as the SSRF (server-side request forgery) vulnerability. An attacker who establishes an HTTPS connection to the server can use it to authenticate user access.
The vulnerability has a score of 7.8 and is classified as high severity, so enterprises should not underestimate the harm it can cause them.
Microsoft Exchange 2013
Microsoft Exchange 2016
Microsoft Exchange 2019
Microsoft Exchange 2010
Ways to Mitigate Vulnerabilities:
The initial attack depends on being able to establish an untrusted connection to port 443 (the Exchange server port) on the system. It can therefore be mitigated by limiting untrusted connections to the system and by setting up a VPN so that the Exchange server is separated from external access.
This mitigation is only temporary, because it prevents only the initial part of the attack. Other parts of the attack chain can still be triggered if the attacker has access.
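One way to audit the restriction described above on the Exchange host itself is shown below. It is an added example, not part of the original page or of any Microsoft tooling. The function names and sample rules are constructed for illustration, and it covers only the local Windows Firewall, not a perimeter firewall or load balancer.

```powershell
# Added example: report inbound allow rules that admit traffic to TCP 443
# and flag those open to any remote address.
function Test-Port443Exposure {
    param([Parameter(Mandatory)] [object[]] $Rules)  # needs Name, Protocol, LocalPort, RemoteAddress
    foreach ($r in $Rules) {
        if ($r.Protocol -notin @('TCP', 'Any')) { continue }
        $covers443 = $false
        foreach ($p in @($r.LocalPort)) {
            if ($p -eq 'Any' -or $p -eq '443') { $covers443 = $true }
            elseif ($p -match '^(\d+)-(\d+)$') {
                # Port range such as 400-500
                if ([int]$Matches[1] -le 443 -and [int]$Matches[2] -ge 443) { $covers443 = $true }
            }
        }
        if (-not $covers443) { continue }
        $remote = @($r.RemoteAddress)
        [pscustomobject]@{
            Rule         = $r.Name
            RemoteScope  = ($remote -join ', ')
            Unrestricted = ($remote -contains 'Any')   # True = reachable by untrusted sources
        }
    }
}

# Hypothetical helper: collect enabled inbound allow rules from the local Windows Firewall.
function Get-InboundAllowRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $_.DisplayName
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort
            RemoteAddress = $addr.RemoteAddress
        }
    }
}

# Constructed sample rules so the check can be tried offline.
$sample = @(
    [pscustomobject]@{ Name = 'Constructed: HTTPS open to all'; Protocol = 'TCP'; LocalPort = '443'; RemoteAddress = 'Any' }
    [pscustomobject]@{ Name = 'Constructed: HTTPS from VPN subnet'; Protocol = 'TCP'; LocalPort = @('80', '443'); RemoteAddress = '10.8.0.0/255.255.255.0' }
    [pscustomobject]@{ Name = 'Constructed: SMTP'; Protocol = 'TCP'; LocalPort = '25'; RemoteAddress = 'Any' }
)
Test-Port443Exposure -Rules $sample | Format-Table -AutoSize

# On the Exchange server itself (elevated session):
# Test-Port443Exposure -Rules (Get-InboundAllowRule) | Where-Object Unrestricted
```

Rules reported with `Unrestricted` set to `True` are the ones to narrow to the VPN or other trusted address ranges.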
Microsoft has released official security patches that prevent this vulnerability from harming the system.
Microsoft has also released a PowerShell script called Test-ProxyLogon.ps1 on GitHub. This script checks whether Microsoft Exchange servers are vulnerable to this issue.