Multiple Security Updates Released for Microsoft Exchange Server (3rd March, 2021)

Ref# AL2021_03 | Date: Mar 4th 2021

Microsoft released security updates on 2nd March 2021 addressing vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065) found in Microsoft Exchange Server.

Summary 

The vulnerabilities have been used in limited targeted attacks and could allow arbitrary code to be executed. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections, or by setting up a VPN to separate the Exchange server from external access. This mitigation only protects against the initial portion of the attack; other portions of the chain can be triggered if an attacker already has access or can convince an administrator to run a malicious file. [1]

Products Affected: 

  • Microsoft Exchange Server 2013  

  • Microsoft Exchange Server 2016  

  • Microsoft Exchange Server 2019  

 The vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected. 

SOLUTIONS: 

It is recommended that updates be installed immediately to protect against attacks. 

For further information on these vulnerabilities, see the following URL:

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/ 

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary. 

REFERENCES: 

  • Microsoft: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

  • Microsoft Security Response Center: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/