Microsoft Exchange Server Critical RCE Vulnerabilities

Summary

Details of four critical RCE vulnerabilities in Exchange Server have been released by Microsoft. Any one of these vulnerabilities can be exploited by an unauthenticated attacker to gain administrative control over an affected system.


Threat details

Introduction

Microsoft has released details of four remote code execution vulnerabilities affecting their Exchange Server mail server platform. They claim that a remote unauthenticated attacker could exploit any of these to gain control of an affected Exchange Server system.


Vulnerability details

At the time of publication, Microsoft has not provided any further detail on the cause or mechanics of any of these vulnerabilities. They have, however, stated that all of them provide persistent and pervasive access to target networks with minimal attacker input.

Exchange Online and Server 2010 not affected

Organisations should be aware that only the listed Exchange Server versions, either physically or virtually hosted, are vulnerable. Exchange Online and all associated platforms are not vulnerable.

Microsoft Exchange Server 2010 is also not affected by these vulnerabilities, but has reached end of service so is not expected to receive any future security updates.


Remediation advice

Microsoft has released KB5001779 to address these vulnerabilities in all affected Exchange Server versions. Affected organisations are required to apply these updates immediately.

Organisations will need to update to one of the supported Cumulative Updates (CUs) (see Platforms affected) before applying KB5001779. Microsoft has released guidance on how to do this, and also recommends using its Exchange Server Health Checker and Cumulative Update Wizard tools to ensure that the correct updates are selected and that they are applied successfully.




Last edited: 7 September 2021 9:29 am