Malware Devil

Monday, March 8, 2021

Security Alert: [Updated] Alert Regarding Vulnerabilities in Microsoft Exchange Server

JPCERT-AT-2021-0012
JPCERT/CC
2021-03-03 (Initial)
2021-03-08 (Update)

I. Overview

On March 2, 2021 (US Time), Microsoft released information regarding multiple vulnerabilities in Microsoft Exchange Server. A remote attacker may execute arbitrary code with SYSTEM privileges by leveraging these vulnerabilities. According to Microsoft, four of these vulnerabilities have already been exploited in limited targeted attacks, and it is recommended to take measures as soon as possible. For more information, please refer to the information provided by Microsoft.

Microsoft The_Exchange_Team
Released: March 2021 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

Microsoft Security Response Center
Multiple Security Updates Released for Exchange Server
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

II. Affected Products and Versions

Affected products and versions are as follows. Microsoft Exchange Online is not affected.

– Microsoft Exchange Server 2019
– Microsoft Exchange Server 2016
– Microsoft Exchange Server 2013

III. Solution

Microsoft has released versions that address these vulnerabilities. Microsoft recommends prioritizing the installation of updates on Exchange Servers that are externally facing. Please consider taking measures as soon as possible by referring to the information provided by Microsoft.

– Microsoft Exchange Server 2019 (CU 8, CU 7)
– Microsoft Exchange Server 2016 (CU 19, CU 18)
– Microsoft Exchange Server 2013 (CU 23)

In addition, security updates are also available for Microsoft Exchange Server 2010, which is no longer supported.

IV. Related Information

Information that explains the details of the observed attacks has been released by Microsoft and others. In addition to the details of the exploited vulnerabilities, Microsoft's blog provides information on activities confirmed in the attacks, investigation methods, and indicator information for confirming the presence of damage from the attacks. Please use this information as a reference for your investigation.

Microsoft
HAFNIUM targeting Exchange Servers with 0-day exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Microsoft released a new blog post recommending that countermeasures be applied promptly and that organizations investigate whether attacks exploiting these vulnerabilities have already been conducted. Microsoft also released PowerShell scripts on GitHub to investigate evidence of compromise. In addition, other parties such as Volexity, FireEye and CISA have released information on indicators and investigation methods for attacks that exploit these vulnerabilities. It is recommended to take measures and investigate as soon as possible by referring to the information from Microsoft and others.

Microsoft
Microsoft Exchange Server Vulnerabilities Mitigations – updated March 6, 2021
https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

Microsoft
microsoft / CSS-Exchange
https://github.com/microsoft/CSS-Exchange/tree/main/Security

CISA
Alert (AA21-062A) Mitigate Microsoft Exchange Server Vulnerabilities
https://us-cert.cisa.gov/ncas/alerts/aa21-062a

Volexity
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

FireEye
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html

V. References

Microsoft
New nation-state cyberattacks
https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/

Microsoft
CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855

Microsoft
CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857

Microsoft
CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858

Microsoft
CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065

If you have any information regarding this alert, please contact JPCERT/CC.

2021-03-03 First edition
2021-03-08 Updated “IV. Related Information”

JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
