Zero-day vulnerabilities in Microsoft Exchange Server, among other products, raise the threat of a new wave of attacks on unpatched Exchange servers. Below you will find further background information and tips on how to respond.
What happened?
On November 9, 2021, Microsoft released 55 patches, six of which are rated critical. Already in February and March, attackers exploited zero-day vulnerabilities in Microsoft Exchange servers to gain access to them. Now two more zero-day vulnerabilities have been discovered, one of them in Microsoft Exchange Server.
The zero-day vulnerability CVE-2021-42321 affects Microsoft Exchange Server and requires immediate action, as it is already being actively exploited by attackers. Perseus’ cybersecurity team strongly advises installing the available security patches immediately.
The CVE-2021-42292 vulnerability allows security features in Microsoft Excel versions 2013-2021 to be bypassed, letting attackers install malicious code. All they need to do is trick users into opening manipulated Excel files, for example via phishing emails.
CVE-2021-42321: From experts for experts
Zero-day vulnerability CVE-2021-42321 is a critical remote code execution (RCE) vulnerability in Exchange Server caused by improper validation of cmdlet (commandlet) arguments. Cmdlets are the lightweight commands used in the PowerShell environment; the PowerShell runtime invokes them either from automation scripts run via the command line or programmatically through its APIs.
What are the threats to your organization?
The vulnerabilities are already being exploited by cybercriminals. They allow attackers to implant webshells and execute commands remotely, in short, to run commands on compromised servers in order to install malware or ransomware and to spy on sensitive data. For example, compromised user accounts may send reply emails that contain malicious links.
What can I do?
- Microsoft has released four patches rated as important to fix the vulnerabilities. Check whether these patches are already installed on your Microsoft Exchange Server; if not, install them immediately. Because such attacks propagate quickly, prompt patching is critical to avoid large and cumulative cyber damage.
- Keep your systems up to date. We recommend enabling automatic updates wherever possible.
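One way to check the patch level described above is to compare the build of the installed Exchange binaries against the minimum build listed in Microsoft's published Exchange build table for the security update. The following PowerShell script is an added example; it is not part of the Perseus advisory and not Microsoft tooling. It assumes it runs on an Exchange server (or against Exchange servers over PowerShell remoting), that the ExchangeInstallPath environment variable set by Exchange setup is present, and that the operator supplies the minimum build number from Microsoft's table; the script file name and the parameter names are hypothetical.

```powershell
<#
  Added example (not from the advisory): report whether each Exchange server
  carries at least a given build. The -MinimumBuild value is NOT on this page;
  look it up in Microsoft's Exchange build table for the relevant Security Update.
  Usage (hypothetical file name):
    .\Check-ExchangeBuild.ps1 -MinimumBuild '<build from Microsoft table>'
    .\Check-ExchangeBuild.ps1 -MinimumBuild '<build>' -ComputerName EX01,EX02
#>
param(
    [Parameter(Mandatory = $true)]
    [version]$MinimumBuild,            # minimum acceptable build, supplied by the operator
    [string[]]$ComputerName = @()      # empty means: check the local server only
)

function Get-ExchangeSetupBuild {
    # ExSetup.exe is replaced by every Cumulative Update AND every Security Update,
    # so its file version reflects the installed SU. AdminDisplayVersion from
    # Get-ExchangeServer only reflects the CU and does not change after an SU.
    $path = Join-Path $env:ExchangeInstallPath 'bin\ExSetup.exe'
    if (-not (Test-Path $path)) {
        throw "ExSetup.exe not found at '$path'; is this an Exchange server?"
    }
    # Returned as a string so the value survives remoting serialization unchanged.
    return (Get-Item $path).VersionInfo.FileVersion
}

function Test-ExchangePatchLevel {
    param(
        [string]$Server,
        [string]$InstalledBuild,       # string such as '15.02.0986.014'
        [version]$Minimum
    )
    # [version] compares component-wise, so leading zeros in the file version
    # are harmless and 15.2.986.14 -ge 15.2.986.9 evaluates to $true.
    $installed = [version]$InstalledBuild
    [pscustomobject]@{
        ComputerName = $Server
        Installed    = $installed
        Minimum      = $Minimum
        Patched      = ($installed -ge $Minimum)
    }
}

if ($ComputerName.Count -eq 0) {
    # Local check.
    Test-ExchangePatchLevel -Server $env:COMPUTERNAME `
                            -InstalledBuild (Get-ExchangeSetupBuild) `
                            -Minimum $MinimumBuild
} else {
    # Run the same function on each remote server; Invoke-Command tags every
    # result with PSComputerName so the rows can be attributed to a host.
    Invoke-Command -ComputerName $ComputerName `
                   -ScriptBlock ${function:Get-ExchangeSetupBuild} |
        ForEach-Object {
            Test-ExchangePatchLevel -Server $_.PSComputerName `
                                    -InstalledBuild $_ `
                                    -Minimum $MinimumBuild
        }
}
```

Any row with Patched set to False identifies a server that still needs the update. The script deliberately reads the file version rather than the output of Get-ExchangeServer, because the latter reports only the Cumulative Update level and would show an unpatched and a patched server as identical.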