Microsoft Exchange ECP Probe (ProxyShell / ProxyLogon) for 2026-03-05

Last Updated: 12:11 UTC

The Exchange Control Panel (/ecp/) is the attack surface for ProxyLogon (CVE-2021-26855) and ProxyShell (CVE-2021-34473/34523/31207). Both exploit chains begin with ECP requests and achieve unauthenticated RCE leading to ASPX webshell deployment on the Exchange server.

CVE References

CVE-2021-26855 CVE-2021-34473

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

  • /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application

Attackers by Country

IP Address : ASN : City/Provider

Share on: