Microsoft urges Exchange admins to patch bug exploited in the wild

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-urges-exchange-admins-to-patch-bug-exploited-in-the-wild/
Microsoft warned admins today to immediately patch a high severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers.

The security flaw tracked as CVE-2021-42321 impacts Exchange Server 2016 and Exchange Server 2019, and it is caused by improper validation of cmdlet arguments according to Redmond's security advisory.

CVE-2021-42321 only affects on-premises Microsoft Exchange servers, including those used by customers in Exchange Hybrid mode (Exchange Online customers are protected against exploitation attempts and don't need to take any further action).

"We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019," Microsoft explained.

"Our recommendation is to install these updates immediately to protect your environment."

For a quick inventory of all Exchange servers in your environment behind on updates (CUs and SUs), you can use the latest version of the Exchange Server Health Checker script.
Click to expand...
 
  • Like
Reactions: harlan4096, Gandalf_The_Grey and JB007
LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
www.bleepingcomputer.com

Exploit released for Microsoft Exchange RCE bug, patch now

Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.
www.bleepingcomputer.com www.bleepingcomputer.com
Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.

The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 (including those used by customers in Exchange Hybrid mode) and was patched by Microsoft during this month's Patch Tuesday.

Successful exploitation allows authenticated attackers to execute code remotely on vulnerable Exchange servers.

On Sunday, almost two weeks after the CVE-2021-42321 patch was issued, researcher Janggggg published a proof-of-concept exploit for the Exchange post-auth RCE bug. "This PoC just pop mspaint.exe on the target, can be use to recognize the signature pattern of a successful attack event," the researcher said.

Admins warned to patch immediately​

"We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019," Microsoft said.
Click to expand...
 
  • Like
Reactions: Gandalf_The_Grey and harlan4096
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
    • +Reputation
Ivanti warns of new actively exploited MobileIron zero-day bug
Replies
0
Views
800
News Archive
[correlate]
[correlate]
upnorth
    • Like
    • +Reputation
Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations
Replies
0
Views
589
News Archive
upnorth
upnorth
MuzzMelbourne
    • Like
    • +Reputation
    • Applause
ASUS urges customers to patch critical router vulnerabilities
Replies
2
Views
1,065
News Archive
blackice
blackice

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top