THREAT UPDATE
Due to the rise in targeted attacks on on-premise and hosted Microsoft Exchange servers, Microsoft, security vendors, and threat actors across the world have been looking for vulnerabilities within Microsoft Exchange services. As a result, Microsoft has issued another round of patches for additional critical vulnerabilities in versions of Exchange Server.
TECHNICAL DETAIL & ADDITIONAL INFORMATION
WHAT IS THE THREAT?
Over the last few months, attackers have been exploiting vulnerabilities present in unpatched Exchange 2013, 2016, and 2019 servers. The original vulnerabilities were previously addressed with patches by Microsoft in March, however new Remote Code Execution (RCE) vulnerabilities have been found and Microsoft has released patches to address them this past week (CVE-2021-28483, CVE-2021-28482, CVE-2021-28481, CVE-2021-28480). While Microsoft has not found these vulnerabilities being exploited in the wild, they have advised that on-premise and hosted Exchange servers should be patched as a precaution.
WHY IS IT NOTEWORTHY?
While Microsoft has released patches to address previous critical vulnerabilities present in Exchange last month, this new batch comes just weeks after their predecessors. It is also important to understand that these vulnerabilities allow threat actors to execute remote code on the servers on a consistent basis if the server is not patched. Since Microsoft has seen previous incidents exploiting this type of vulnerability, attackers will presumably have an easier time crafting exploits for these new vulnerabilities.
WHAT IS THE EXPOSURE OR RISK?
Microsoft has stated that Exchange 2013, 2016, and 2019 are affected by these vulnerabilities and servers running these versions of Exchange should be patched. While Microsoft has stated that they have not seen these vulnerabilities being exploited in the wild, they classify the “exploitability” of these vulnerabilities as “Exploitation More Likely” which indicates that threat actors will have an easier ability to exploit the vulnerabilities on a consistent basis using specially crafted code on unpatched servers.
As previously mentioned, several web design, web hosting and marketing vendors that service dealerships offer email hosting based on hosted Microsoft Exchange servers. As such, it is highly important that dealers either make certain that their own Exchange Servers or the Exchange Servers of their service providers are updated. If you have any doubts or have not received any notifications that your service provider has updated their servers, please reach out to them as soon as possible!
If you are unsure if your own servers have been properly patched or updated, please contact us today!
WHAT ARE THE RECOMMENDATIONS?
Microsoft has released documentation detailing how to apply the patches for the new vulnerabilities at the link below:
The patches and technical details for the March CVEs can also be found here:
REFERENCES:
For more in-depth information about the recommendations, please visit the following links:
- https://msrc-blog.microsoft.com/2021/04/13/april-2021-update-tuesday-packages-now-available/
- https://msrc.microsoft.com/update-guide/vulnerability
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1
- https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617
If you have any questions, please contact us.