Mass scanning activity detected from different hosts targeting Microsoft Exchange servers vulnerable to ProxyShell (CVE-2021-34473).It is critical to keep your servers patched to the latest security updates. Threat actors are using this leverage to identify the servers which are still unpatched and using this opportunity to deploy ransomware and post exploitations activities. ProxyShell is the name of three vulnerabilities that could be chained by an unauthenticated remote attacker to gain code execution on Microsoft Exchange servers.
Microsoft Exchange Server could allow a remote attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
Microsoft has released updates to correct this vulnerability. More details can be found at: