Microsoft today released an emergency patch for Microsoft Exchange Server. The patch fixes seven different vulnerabilities. Four of these vulnerabilities are currently being used in targeted attacks.
Quick Summary / What you need to do:
The attacks gain access via a Server Side Request Forgery (SSRF) vulnerability. Exploiting this vulnerability requires access to port 443. This vulnerability can be used to trick the Exchange server to send requests essentially to itself, bypassing authentication. This will give access to an insecure deserialization vulnerability that can be leveraged to execute arbitrary code as SYSTEM. Finally, two file upload vulnerabilities are used to upload files to the system.
Microsoft observed the attackers uploading web shells for persistent access and exfiltrating credentials and email from affected servers.
Microsoft currently only makes patches available for the exact versions listed below in the "Patch Available For" column. You will first need to apply the respective RU/CU before applying today's patch.
March 2, 2021 Exchange Emergency Patch Summary.
Related Microsoft Posts:
HAFNIUM targeting Exchange Servers with 0-day exploits
Intrusion Detection In-Depth - SANS London October 2021
Mar 5th 2021
|Thread locked Subscribe||
Mar 5th 2021
6 months ago