Exchange is Vulnerable…Again!

Levan Rolle
Maryville_University_Cyber_Fusion_Center
Apr 20, 2021

Vulnerability Details

In the last few months, various vulnerabilities have been found in Microsoft Exchange. In March 2021, Microsoft released patches to mitigate threats caused by 5 CVEs (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065). In April 2021, the NSA released information to Microsoft to notify them of 4 zero-day attacks that were actively being exploited by a China-based hacking group, dubbed “Hafnium”.

Affected Systems

Currently, the vulnerabilities and zero-day vulnerabilities affect the following Microsoft Exchange versions:

· Exchange Server 2013 CU23

· Exchange Server 2016 CU19 and CU20

· Exchange Server 2019 CU8 and CU9

Remediation

Currently, these vulnerabilities can be remediated by updating Microsoft Exchange to its latest version. The NSA suggests that all critical Microsoft patches released to date be applied as soon as possible because many of the vulnerabilities can lead to persistent access and control of networks. According to Microsoft, Exchange Online customers are already protected and do not need to take any actions or mitigations.

Upon request, the Maryville Cyber Fusion Center can perform a security audit to determine whether you are vulnerable and can suggest or assist with remediation if vulnerabilities exist. Please reach out to cyber@maryville.edu if you have any questions or concerns relating to this vulnerability.

References

Microsoft Security Response Center. (2021, March 15). Microsoft Exchange Server Vulnerabilities Mitigations — updated March 15, 2021. Retrieved April 19, 2021, from https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

Balaji, N. (2019, January 27). Microsoft Exchange Server Zero-day Flaw Exploit Provide Highest Admin Privilege to Hackers. Retrieved April 19, 2021, from https://gbhackers.com/microsoft-exchange-server-zero-day/

Childs, D. (2021, April 13). The April 2021 Security Update Review. Retrieved April 19, 2021, from https://www.zerodayinitiative.com/blog/2021/4/13/the-april-2021-security-update-review

Claburn, T. (2021, April 13). NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches. Retrieved April 19, 2021, from https://www.theregister.com/2021/04/13/patch_tuesday_april/

Mackie, K. (2021, April 13). April Microsoft Security Patches Released, Bringing More Critical Exchange Server Fixes. Retrieved April 19, 2021, from April Microsoft Security Patches Released, Bringing More Critical Exchange Server Fixes

The Exchange Team. (2021, April 13). Released: April 2021 Exchange Server Security Updates. Retrieved April 19, 2021, from https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617
