CVE-2021-26855 – Microsoft Exchange Server Remote Code Execution Vulnerability

March 4, 2021 Katie McCullough, OneNeck CISO

Over the last couple of days, Microsoft released out-of-band security updates to address multiple vulnerabilities in Microsoft Exchange that could allow an unauthenticated, remote attacker to exploit an Exchange Server by sending a specially crafted HTTP request over port 443 allowing the attacker to authenticate.

These are the recommended security updates:

  • Update KB5000871 has been released for the latest release of the latest three versions of Microsoft Exchange (2013-2019) and the previous release for currently supported versions (2016, 2019).
  • Update KB5000978 has been released for the latest release of Microsoft Exchange 2010.

At OneNeck, we take these threats very seriously and are actively creating patching baselines, working on plans and scheduling to apply these vulnerability patches with customers that have Managed Exchange Services with OneNeck. 

Additional Information From Microsoft:


Mitigations (From Microsoft CVE)


The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections, or by setting up a VPN to separate the Exchange server from external access. Using this mitigation will only protect against the initial portion of the attack. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file.
We recommend prioritizing installing updates on Exchange Servers that are externally facing.


FAQ (From Microsoft CVE)


Q: Is this vulnerability being used in an active attack?



A:

Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack.


Q: What is the target for this attack?



A:

The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.

 

Source Links:

If you have any questions or concerns that you’d like to discuss with a OneNeck security expert, we’re here to help.

 

This post CVE-2021-26855 – Microsoft Exchange Server Remote Code Execution Vulnerability first appeared on OneNeck.

Previous Article
Still Confused About Microsoft’s Product Names? | O365 vs M365
Still Confused About Microsoft’s Product Names? | O365 vs M365

From time to time, we still get questions related to Microsoft’s continuing effort to clarify product offer...

Next Article
Is Your Data Holding You Back?
Is Your Data Holding You Back?

The stats are crazy. There are roughly 3.7 billion humans using the Internet, with 5.6 billion Google searc...