Microsoft Exchange Server flaw lets attackers misconfigure mailboxes

Microsoft has patched the ProxyToken vulnerability before any evidence of exploitation has emerged

A now-patched vulnerability in Microsoft Exchange Server, dubbed ProxyToken, could be abused by an unauthenticated attacker to perform configuration actions on targeted mailboxes.

This latest flaw in the beleaguered platform is tracked as CVE-2021-33766 and is rated 7.3 out of ten on the threat severity scale, and might give rise to the disclosure of personal information if abused.

A hypothetical example of exploitation, according to researchers with the Zero Day Initiative, could lead to an attacker copying all email addresses on a targeted account and forwarding them to an account controlled by the attacker.  

The flaw lies in the Delegated Authentication feature, a mechanism in which the front-end site passes authentication requests to the back-end system when it detects the presence of a SecurityToken cookie.

Because Microsoft Exchange needs to be specifically configured to use the feature and have the backend carry out checks, the module that handles this delegation isn’t loaded under a default configuration. 

This leads to a bypass as the back-end fails to authenticate incoming requests based on the SecurityToken cookie. The back-end will be completely unaware that it needs to authenticate incoming requests, which means requests can sail through without being subject to authentication on either the front or back-end systems.

Related Resource

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

2021 state of email security report: Ransomware on the rise - whitepaper from MimecastDownload now

Microsoft patched this vulnerability as part of its Patch Tuesday round of fixes for July, with no evidence so far that hackers have exploited it.

Businesses will be put on high alert in light of the existence of another Microsoft Exchange Server flaw, however, following the supply-chain attack earlier in the year. 

Hackers linked with the Chinese state exploited four flaws in the platform to launch a series of attacks against potentially hundreds of thousands of victims in March, according to security researchers.

The incident was one of many similar supply-chain attacks during 2021, including the infamous SolarWinds hack towards the end of last year.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Bug fixes and app updates arrive with latest Windows 11 preview build
Microsoft Windows

Bug fixes and app updates arrive with latest Windows 11 preview build

17 Sep 2021
Podcast transcript: Are foldable phones more than a fad?
Mobile

Podcast transcript: Are foldable phones more than a fad?

17 Sep 2021
The IT Pro Podcast: Are foldable phones more than a fad?
Mobile

The IT Pro Podcast: Are foldable phones more than a fad?

17 Sep 2021
Microsoft appoints Brad Smith as vice chair
Careers & training

Microsoft appoints Brad Smith as vice chair

15 Sep 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
The technology powering the future of shopping
Technology

The technology powering the future of shopping

16 Sep 2021