Additional details in the report suggest that the stack of vulnerabilities applies to on-premises Microsoft Exchange Server, as well as servers in Exchange Hybrid mode, while Exchange Online customers will not be affected. In the past few months, remote code execution security risks have affected several Microsoft products such as Visual Studio and Microsoft 3D Viewer. Remote code execution (RCE) vulnerabilities can be leveraged by cybercriminals to elevate system privileges, gain full system control and finally execute system commands. A remote attacker can then modify, write, delete or read files as well as connect to databases.

About Microsoft Exchange Server

Microsoft Exchange Server has existed since 1996 and is an open-source collaborative groupware solution that runs exclusively on Windows Server operating systems. It is one of the most popular enterprise-grade integrated mail server solutions used all over the world by businesses and academic institutions, most popularly used with web clients such as Microsoft Outlook.

Microsoft Exchange Server Vulnerability

According to VulDB, a “vulnerability has been found in Microsoft Exchange Server 2016 CU22/2019 CU11 (Groupware Software) and classified as critical.” It is known to affect the confidentiality, integrity, and availability of a system. Information about the weakness was shared on November 9th, 2021, as confirmed by security guidance. The advisory is also shared at portal.msrc.microsoft.com. Exploitation appears to be easy, and the attack can be launched remotely. Technical analysis conducted by security researchers has revealed that this is a ‘post-authentication vulnerability.’ The software versions confirmed to be at risk are Microsoft Exchange Server 2016 and 2019.

Important User Information

Microsoft’s ‘November 2021 Security Exchange Server Security Updates’ page states that Microsoft is fully cognizant of the situation: “We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment.” To update Microsoft Exchange Server, the Tech Community portal at Microsoft recommends:

Running the latest release of the Exchange Server Health Checker script to determine if updates are required

Check the latest ‘Cumulative’ update