<img alt="" src="https://secure.hims1nice.com/151009.png" style="display:none;">
" style="background-color: #2c3e50;">
 

News

Active Exploitation of Microsoft Exchange On-Prem Vulnerabilities

Posted by Mark McIntosh on Mar 3, 2021 10:57:47 AM
Mark McIntosh
Find me on:

Microsoft has recently released a group of updates to prevent attacks on the following vulnerabilities for Exchange on-premises:

CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Exchange that allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.

CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave HAFNIUM the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.

CVE-2021-26858 is a post-authentication arbitrary file write vulnerability in Exchange. If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.

CVE-2021-27065 is a post-authentication arbitrary file write vulnerability in Exchange. If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.

Ref: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

 

The patches that Microsoft has released can only be applied to the following specific versions:

If your server is not on one of these currently supported update versions, you will first need to apply previous updates to your Exchange server to reach the minimum requirement above.

KiZAN can check your servers for evidence of a breach and apply the necessary patches to secure your Exchange environment.

$1300 per update needed, per server

 

Contact Us

Topics: Security, Exchange On Prem, Exchange Server

KiZAN Logo White

 

Louisville, KY

1831 Williamson Court

502.327.0333

 

Cincinnati, OH

9035 Meridian Way

513.563.6000

 

Subscribe to Notifications

Subscribe