Researchers have released details of a serious but now patched bug nicknamed “ProxyToken” in Microsoft’s Exchange Server. The vulnerability, CVE-2021-33766, affects Exchange Server 2013, 2016 and 2019. An attacker could access mailboxes and potentially forward emails they contain to their own account. Microsoft patched the vulnerability in April’s Patch Tuesday updates. The bug was discovered in March by Le Xuan Tuyen of Vietnam Post and Telecommunications Group’s Information Security Center, who reported it to the Zero Day Initiative.”]
Source: https://www.cuinfosecurity.com/proxytoken-bug-put-microsoft-exchange-email-at-risk-a-17430