Newly discovered MS Exchange vulnerabilities after HAFNIUM incident

Microsoft

Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities

On 13 April 2021 Microsoft published Security Updates to address vulnerabilities in multiple products. 114 security flaws are being addressed and 19 of them are rated as critical and 88 are rated as important and one is rated as moderate severity.

The security update mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019. An attacker could exploit these vulnerabilities to gain access and maintain persistence on the target host.

These 4 remote code executions (RCE) vulnerabilities (CVE-2021-28480 to CVE-2021-28483) were discovered by NSA. Two of them are unauthenticated and require no user interaction and carries a CVSS score of 9.8 out of a maximum of 10.

Microsoft has indicated that the vulnerabilities fixed in the April 2021 security updates affecting Microsoft Exchange products are different from those previously patched in March 2021.

Therefore, running March 2021 security tools and scripts will not mitigate these newly identified vulnerabilities. Microsoft reports that these vulnerabilities, reported by NSA, have not yet been exploited.

Microsoft recommends that organizations update on-prem servers as soon as possible as Microsoft Exchange Online customers are already protected by the April 2021 security updates.

We recommend everyone to install these updates ASAP and secure their infrastructure as there is an ongoing attack chain for the exchange servers from last month and there is a possibility of these vulnerabilities getting weaponized combined with them.

April 2021 Release Notes: https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr

Security Update Guide: https://msrc.microsoft.com/update-guide/en-us

More info: https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617

CISA Alert: https://us-cert.cisa.gov/ncas/current-activity/2021/04/13/apply-microsoft-april-2021-security-update-mitigate-newly

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.