High
CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass
CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend
CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE
After fully exploiting Microsoft Exchange servers, attackers drop web shells that let them execute other malicious programs to elevate privileges. LockFile ransomware exploits the Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities to take over Windows domains and encrypt devices. It encrypts all of the user's data on the PC (photos, documents, Excel tables, music, videos, etc.), adds its specific extension to every file, and creates a Recovery_Instructions.html file in every folder that contains encrypted files.
Microsoft
Microsoft Exchange Servers
Microsoft has issued an update to correct this vulnerability. More details can be found at:
For CVE-2021-31207
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207
For CVE-2021-34523
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523
For CVE-2021-34473
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
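
The description above says LockFile leaves a Recovery_Instructions.html file in every folder that holds encrypted files and appends its own extension to each file. As an added example (not part of the original advisory), this Python script walks a directory tree for that note and infers the appended extension from the files beside it; the `triage` and `build_sample` names and the `.example-ext` suffix are constructed for illustration, since the advisory does not name the extension.

```python
import os
from collections import Counter

NOTE_NAME = "Recovery_Instructions.html"  # ransom note name given in the advisory


def triage(root):
    """Walk root; return one finding per folder that holds the ransom note."""
    findings = []
    for folder, _dirs, files in os.walk(root, onerror=lambda e: None):
        if NOTE_NAME.lower() not in (f.lower() for f in files):
            continue
        others = [f for f in files if f.lower() != NOTE_NAME.lower()]
        # The advisory does not name the appended extension, so infer it:
        # the final suffix shared by most files that carry two suffixes
        # (e.g. report.docx.<ext>) is the likely candidate.
        suffixes = Counter()
        for f in others:
            stem, ext = os.path.splitext(f)
            if ext and os.path.splitext(stem)[1]:
                suffixes[ext.lower()] += 1
        candidate, hits = suffixes.most_common(1)[0] if suffixes else (None, 0)
        findings.append({"folder": folder, "files": len(others),
                         "candidate_ext": candidate, "files_with_ext": hits})
    return findings


def build_sample(base):
    """Constructed sample tree: one clean folder, one encrypted-looking folder."""
    clean = os.path.join(base, "clean")
    hit = os.path.join(base, "finance")
    os.makedirs(clean)
    os.makedirs(hit)
    for p in (os.path.join(clean, "notes.txt"),
              os.path.join(hit, "q3.xlsx.example-ext"),   # constructed names
              os.path.join(hit, "plan.docx.example-ext"),
              os.path.join(hit, NOTE_NAME)):
        open(p, "w").close()
    return hit


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in triage(tmp):
            print(finding)
```

Point `triage` at a file share or user profile root during incident scoping; folders it returns are candidates for restore from backup and for timeline analysis of the note's creation time.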