

Rewterz Threat Advisory – Microsoft Exchange Server Remote Code Execution Vulnerabilities
April 14, 2021
Severity
High
Overview
The latest Microsoft security updates address the vulnerabilities in:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
The critical remote code execution vulnerabilities were discovered by the NSA (U.S. National Security Agency) and are fixed in the latest Microsoft Exchange update. The CVEs are:
- CVE-2021-28480 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-28481 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-28482 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-28483 – Microsoft Exchange Server Remote Code Execution Vulnerability
While there are no active exploits in the wild, customers are strongly advised to install these updates as soon as possible to secure their work environments. The U.S. CISA (Cybersecurity and Infrastructure Security Agency) states, “these vulnerabilities pose an unacceptable risk to the Federal enterprise and require an immediate and emergency action,” and hints at the underlying flaws of the previous updates. Step-by-step guides to installing the updates are available here: https://exupdatestepbystep.azurewebsites.net/
The most severe of the four vulnerabilities has a CVSS (Common Vulnerability Scoring System) score of 9.8 out of 10, so prompt action is required from customers.

Use the Exchange Server Health Checker script to detect any configuration issues that might affect performance. It also shows whether any Exchange servers are behind on CUs and SUs (cumulative updates and security updates).
Last month’s widespread Exchange hacks and new findings show that attackers are leveraging the ProxyLogon exploit to deploy malicious cryptominers onto Exchange servers. The payload is also being hosted on compromised Exchange servers.
Impact
Remote code execution
Remediation
Install the latest patches available.