CVE-2021-31207: 
vulnerability analysis and mitigation

CVE-2021-31207 is a Microsoft Exchange Server Security Feature Bypass Vulnerability that was disclosed on May 11, 2021. This vulnerability is part of the ProxyShell vulnerability chain, which affects Microsoft Exchange Server installations. The vulnerability was discovered by Orange Tsai from DEVCORE Research Team and was later actively exploited in the wild (ZDI Advisory, CISA Alert).

The vulnerability exists within the handling of mailbox export functionality in Microsoft Exchange Server. The specific flaw stems from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. The vulnerability has been assigned a CVSS score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating its high severity. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed (ZDI Advisory).

When successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of SYSTEM on affected Microsoft Exchange Server installations. An attacker who successfully exploits this vulnerability could gain the ability to write arbitrary files to the system (ZDI Advisory).

Microsoft released security updates to address this vulnerability in the May 2021 security update. Organizations are strongly urged to identify vulnerable systems and immediately apply Microsoft's Security Update, which remediates all three ProxyShell vulnerabilities. The update is available through Windows Update, Microsoft Update Catalog, and Microsoft Download Center (Microsoft Support).