Today, Microsoft released a critical security update rollup for Exchange Server versions 2019, 2016, and 2013, addressing multiple 0-day exploits being used in the wild. Microsoft has attributed the weaponization of these vulnerabilities to a Chinese state-sponsored hacking group, "Hafnium." Microsoft Exchange Server has proven a popular mail server and calendar solution, over the past 20 years, making it a natural target for criminal intents and repeated exploitation efforts.
As a result, Microsoft has issued KB5000871 which details the following CVE’s:
- CVE-2021-26412 - Remote Code Execution Vulnerability
- CVE-2021-27078 - Remote Code Execution Vulnerability
- CVE-2021-26854 - Remote Code Execution Vulnerability
- CVE-2021-26855 - Server-Side Request Forgery
- CVE-2021-27065 - Post-Authentication Arbitrary File Write Vulnerability
- CVE-2021-26857 - Insecure Deserialization Vulnerability
- CVE-2021-26858 - Post-Authentication Arbitrary File Write Vulnerability
Microsoft has provided additional technical details in support of evaluating risk potential and Indicators of Compromise (IOCs).
Your Plan of Attack? Update and Patch Now!
Microsoft and Automox recommend that anyone running vulnerable Microsoft Exchange Servers install the security update as soon as possible. Automox customers should search for KB5000871 in the Automox console and apply out-of-band. In addition, and for non-Automox customers, Microsoft has published the security updates to the Microsoft Update Catalog and Windows Update.
These vulnerabilities can be addressed through the following KB: KB5000871
Due to the critical nature of this patch, we do not recommend using automation services to deploy. If you have not done so, establish a critical patch deployment plan that your organization can use to update your services against this and other highly critical vulnerabilities.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-based and globally available, Automox enforces OS and third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
