Multiple Zero-Days in Microsoft Exchange Server Actively Exploited in the Wild


Microsoft has released patches for Exchange Server. The advisory addresses the following vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Microsoft has also reported that zero-day exploits were being used to attack Microsoft Exchange Server in the wild. Microsoft Threat Intelligence Center (MTIC) claims that this attack was instigated by the China-based APT group HAFNIUM, a group that primarily targets different industries based in the United States. The attack is initiated with an untrusted connection to an Exchange Server, so it can be mitigated to some extent by restricting untrusted connections to the server or by running the Exchange Server behind a VPN.


Vulnerability Details

CVE-2021-26855: This is a server-side request forgery vulnerability that allows an attacker to send an arbitrary HTTP request and authenticate as the Exchange Server.

CVE-2021-26857: This is an insecure deserialization vulnerability in the Unified Messaging Service that can lead to remote code execution.

CVE-2021-26858 and CVE-2021-27065: Both vulnerabilities allow an authenticated attacker to write an arbitrary file to any path on the system.


Impact

Successful exploitation of these vulnerabilities could result in remote code execution and compromise of the system.


Affected Platforms

The following versions are affected:

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

Solution

Microsoft has released patches for the vulnerabilities. Affected systems should be patched as soon as possible. SanerNow can detect these vulnerabilities.
