On April 13, 2021, Microsoft released a software update to address four newly reported remote code execution (RCE) vulnerabilities for the on-premises versions of Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.
While no active exploitation has reportedly been observed, both Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) recommend applying these patches immediately. For more information on these patches, refer to the Recommendations for Mitigation section.
Alert Logic is not impacted by this vulnerability.
Vulnerability Description
The four vulnerabilities in question were reported to Microsoft by the National Security Agency (NSA) and the Microsoft Security team. There is currently very little public information on what the vulnerabilities are or how they work.
All vulnerabilities are classified as RCE with low “attack complexity” and require no or low privileges. As a result, it is recommended that these patches be applied as soon as possible.
The vulnerabilities in question have been assigned the following CVE numbers:
- CVE-2021-28480 – Microsoft Exchange Server Remote Code Execution Vulnerability
  - CVSS 3.0 Score: Base: 9.8
- CVE-2021-28481 – Microsoft Exchange Server Remote Code Execution Vulnerability
  - CVSS 3.0 Score: Base: 9.8
- CVE-2021-28482 – Microsoft Exchange Server Remote Code Execution Vulnerability
  - CVSS 3.0 Score: Base: 8.8
- CVE-2021-28483 – Microsoft Exchange Server Remote Code Execution Vulnerability
  - CVSS 3.0 Score: Base: 9.0
Alert Logic Coverage
Vulnerability Scanning: Alert Logic has released authenticated vulnerability scan coverage to identify vulnerable assets.
We are continuously watching emerging exploits via multiple feeds and channels. Should an exploit emerge, the coverage will be prioritized and delivered in log analytics or IDS releases that occur multiple times a week.
Recommendations for Mitigation
Microsoft has released a set of patches to address these vulnerabilities in this article. It is recommended to apply these patches immediately if you are using on-premises Microsoft Exchange Server 2013, Exchange Server 2016, or Exchange Server 2019.
Note: Microsoft Exchange Online customers are already protected and do not need to take any further action.
Updates
This section will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click the FOLLOW button at the top of the article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.