This past week, security researchers discussed several ProxyShell vulnerabilities, including those which might be exploited on unpatched Exchange servers to deploy ransomware or conduct other post-ex...
Updated Aug 26, 2021
Version 2.0
Blog Post
Nino_Bilic
Microsoft
MicrosoftFolks - just to clarify a few things (after a few last comments):
We are not aware of a scenario where updates are 'not working'. As far as we know, this is not a thing. If you have done analysis of your breached server that clearly shows that your servers were exploited after all relevant updates were installed (and the server was 'clean' of malicious software before updates were installed) - please open a support ticket with us and we will be glad to work with you on it.
We have been really trying to communicate the need to stay up to date; unfortunately, bad actors do not wait for change management so as soon as vulnerabilities are disclosed, the race is on (this is why it is super important to install updates as they become available). Various scenarios could be at play here, for example: web shells are present on a server via previous vulnerability and no action is taken for months even; one bad actor dropped a web shell a while ago and another decided to use it at the later time. Those are just a few examples.
Updating a server removes the vulnerabilities but the server could still have malicious processes running on it. Vulnerability is a path of how malicious software could be deployed on a server. But if such software is already present, patching the vulnerability by itself does not 'clean' the server.
Please stay safe and update quickly!