Microsoft Exchange security vulnerability

Scope

The vulnerability affects on-premises and hybrid Exchange Servers 2010, 2013, 2016, and 2019. The first priority are servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP). The vulnerability affects on-premises and hybrid Exchange Servers 2010, 2013, 2016, and 2019. The first priority are servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP). As of 9 March 2021, it has been estimated that 250,000 servers had already fallen victim to the attacks. This includes servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority and the Norwegian Parliament.

Note: If you are within a 100% cloud solution such as Office 365/Microsoft 365 environment, then this vulnerability may not affect you.

Actions

To protect your organization, Microsoft recommends organizations install the latest security patch as soon as possible.

Patch Links:

1. March 2, 2021 Security Update Release – Release Notes – Security Update Guide – Microsoft

2. CVE-2021-26412

3. CVE-2021-26854

4. CVE-2021-26855

5. CVE-2021-26857

6. CVE-2021-26858

7. CVE-2021-27065

8. CVE-2021-27078

We recommend that your security team assess whether or not the vulnerabilities were being exploited by using the Indicators of Compromise Microsoft shared here.

Cyberboxx policyholders affected by this vulnerability and need help from the Hackbusters team to address the mitigation actions, please contact your BOXX representative for assistance.

For additional information, please refer to the following resources:

• Exchange Team Blog Post

• Microsoft Security Response Center release

As always, we will continue to be vigilant in monitoring for the latest cyber threats and vulnerabilities.