{"id":3120,"date":"2025-05-06T01:01:15","date_gmt":"2025-05-06T01:01:15","guid":{"rendered":"http:\/\/localhost\/?p=3120"},"modified":"2025-05-06T01:01:15","modified_gmt":"2025-05-06T01:01:15","slug":"multiple-microsoft-exchange-zero-day-vulnerabilities-proxylogon-exploit-chain","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=3120","title":{"rendered":"Multiple Microsoft Exchange zero-day vulnerabilities &#8211; ProxyLogon Exploit Chain"},"content":{"rendered":"<h2>Security Update News<\/h2>\n<h3>Update Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Title<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">Multiple Microsoft Exchange zero-day vulnerabilities &#8211; ProxyLogon Exploit Chain<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Update ID<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">AKB:1BA7DC74-F17D-4C34-9A6C-2F6B39787AA2<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Type<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">attackerkb<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Published<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-05-05T00:00:00<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Last Updated<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">2025-05-05T00:00:00<\/td>\n<\/tr>\n<\/table>\n<h3>Security Impact<\/h3>\n<table style=\"width:100%; border-collapse: collapse; margin-bottom: 20px;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">CVSS Score<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">9.1<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Severity<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd; color: #cc0000; font-weight: bold;\">CRITICAL<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border: 1px solid #ddd; \">Attack Vector<\/th>\n<td style=\"padding: 8px; border: 1px solid #ddd;\">NETWORK<\/td>\n<\/tr>\n<\/table>\n<h3>Affected CVEs<\/h3>\n<div style=\" padding: 15px; border: 1px solid #ddd; margin-bottom: 20px;\">\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li>CVE-2021-26855<\/li>\n<li>CVE-2021-26857<\/li>\n<li>CVE-2021-26858<\/li>\n<li>CVE-2021-27065<\/li>\n<\/ul>\n<\/div>\n<h3>Update Details<\/h3>\n<div style=\"; padding: 15px; border-left: 4px solid #4CAF50; margin-bottom: 20px;\">\nMicrosoft disclosed four actively exploited zero-day vulnerabilities being used to attack on-premises versions of Microsoft Exchange Server. The vulnerabilities identified are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, all of which affect Microsoft Exchange Server. Exchange Online is not affected.<\/p>\n<p>In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.<\/p>\n<p>**Recent assessments:**  <\/p>\n<p>**ccondon-r7** at March 03, 2021 4:10pm UTC reported:<\/p>\n<p>Microsoft released details on an active state-sponsored threat campaign (attributed to HAFNIUM) that is exploiting on-prem Exchange Server installations. Microsoft\u2019s observation was that these were limited, targeted attacks, but as of March 3, 2021, ongoing mass exploitation has been confirmed by multiple sources. More in the Rapid7 analysis tab.<\/p>\n<p>**NinjaOperator** at June 29, 2021 9:51pm UTC reported:<\/p>\n<p>Microsoft released details on an active state-sponsored threat campaign (attributed to HAFNIUM) that is exploiting on-prem Exchange Server installations. Microsoft\u2019s observation was that these were limited, targeted attacks, but as of March 3, 2021, ongoing mass exploitation has been confirmed by multiple sources. More in the Rapid7 analysis tab.<\/p>\n<p>Assessed Attacker Value: 5  <br \/>Assessed Attacker Value: 5Assessed Attacker Value: 5\n<\/div>\n<p><a href=\"https:\/\/attackerkb.com\/topics\/Sw8H0fbJ9O\/multiple-microsoft-exchange-zero-day-vulnerabilities---proxylogon-exploit-chain\" target=\"_blank\" style=\"display: inline-block; color: white; padding: 10px 20px; text-decoration: none; border-radius: 4px;\">View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security Update News Update Information Title Multiple Microsoft Exchange zero-day vulnerabilities &#8211; ProxyLogon Exploit Chain Update ID AKB:1BA7DC74-F17D-4C34-9A6C-2F6B39787AA2 Type attackerkb Published 2025-05-05T00:00:00 Last Updated 2025-05-05T00:00:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[103,9,6,8,10,12,13,7,11,5],"class_list":["post-3120","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-attackerkb","tag-critical","tag-cve","tag-cvss","tag-cvss-91","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Multiple Microsoft Exchange zero-day vulnerabilities - ProxyLogon Exploit Chain - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=3120\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Multiple Microsoft Exchange zero-day vulnerabilities - ProxyLogon Exploit Chain - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Multiple Microsoft Exchange zero-day vulnerabilities &#8211; ProxyLogon Exploit Chain Update ID AKB:1BA7DC74-F17D-4C34-9A6C-2F6B39787AA2 Type attackerkb Published 2025-05-05T00:00:00 Last Updated 2025-05-05T00:00:00...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=3120\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-06T01:01:15+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3120#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3120\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Multiple Microsoft Exchange zero-day vulnerabilities &#8211; ProxyLogon Exploit Chain\",\"datePublished\":\"2025-05-06T01:01:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3120\"},\"wordCount\":299,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"attackerkb\",\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.1\",\"exploit\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=3120#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3120\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3120\",\"name\":\"Multiple Microsoft Exchange zero-day vulnerabilities - ProxyLogon Exploit Chain - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-05-06T01:01:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3120#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=3120\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=3120#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Multiple Microsoft Exchange zero-day vulnerabilities &#8211; ProxyLogon Exploit Chain\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Multiple Microsoft Exchange zero-day vulnerabilities - ProxyLogon Exploit Chain - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=3120","og_locale":"en_US","og_type":"article","og_title":"Multiple Microsoft Exchange zero-day vulnerabilities - ProxyLogon Exploit Chain - zero redgem","og_description":"Security Update News Update Information Title Multiple Microsoft Exchange zero-day vulnerabilities &#8211; ProxyLogon Exploit Chain Update ID AKB:1BA7DC74-F17D-4C34-9A6C-2F6B39787AA2 Type attackerkb Published 2025-05-05T00:00:00 Last Updated 2025-05-05T00:00:00...","og_url":"https:\/\/zero.redgem.net\/?p=3120","og_site_name":"zero redgem","article_published_time":"2025-05-06T01:01:15+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=3120#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=3120"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Multiple Microsoft Exchange zero-day vulnerabilities &#8211; ProxyLogon Exploit Chain","datePublished":"2025-05-06T01:01:15+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=3120"},"wordCount":299,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["attackerkb","CRITICAL","CVE","CVSS","CVSS-9.1","exploit","news","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=3120#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=3120","url":"https:\/\/zero.redgem.net\/?p=3120","name":"Multiple Microsoft Exchange zero-day vulnerabilities - ProxyLogon Exploit Chain - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-05-06T01:01:15+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=3120#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=3120"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=3120#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Multiple Microsoft Exchange zero-day vulnerabilities &#8211; ProxyLogon Exploit Chain"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/3120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3120"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/3120\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}