Proof of Concept Code available for new Microsoft Exchange vulnerabilities
This blog contains information regarding Proof of Concept Code that is made available for new Microsoft Exchange vulnerabilities. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
T-Update
This blog contains information regarding Proof of Concept Code that is made available for new Microsoft Exchange vulnerabilities. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update November 23, 2021
12:00 | Earlier this month, Microsoft published information about new vulnerabilities in Exchange Server (CVE-2021-41349, CVE-2021-42305, CVE-2021-42321). These vulnerabilities were initially rated by the Dutch NCSC as medium risk of exploitation/high risk of damage. This classification has since been revised to high/high due to new publicly available proof of concept code.
Background
By using the Remote Code Execution vulnerabilities, an attacker can run code remotely with admin/root rights on Exchange systems. This can provide the attacker with full control over the system. On-premises Microsoft Exchange 2013, 2016, and 2019 servers that do not yet have the KB5007409 update are vulnerable. KB5007409 is installed via below cumulative update packages: Exchange Server 2013 – Cumulative Update 23 Exchange Server 2016 – Cumulative Update 21 en 22 Exchange Server 2019 – Cumulative Update 10 en 11 These vulnerabilities do not apply to Exchange Cloud servers. In hybrid environments, the local systems still need to be updated.
Risk
Earlier this month, Microsoft published information about new vulnerabilities in Exchange Server (CVE-2021-41349, CVE-2021-42305, CVE-2021-42321). These vulnerabilities could allow an attacker to, after authentication, remotely execute arbitrary code on the Exchange system with admin/root privileges. On November 9th, Microsoft patched these vulnerabilities with an update.
There are currently no mitigations/workarounds available – only updating the system resolves the issue. If KB5007409 is not yet installed, we advise pushing this update as soon as possible.
Advice
Sources
More information:
- https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2021-exchange-server-security-updates/ba-p/2933169
- https://advisories.ncsc.nl/advisory?id=NCSC-2021-0994
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41349
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42305
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321
Sign up to receive T-Updates
Receive the latest vulnerabilities in your email every Wednesday
More than 1,000 organisations have already joined us.
