Update now! Emergency zero-day patch released
There’s a new update out that addresses four previously unknown or ‘zero-day’ vulnerabilities in Exchange Server.
Microsoft is encouraging its customers to apply the updates as soon as possible because the flaws are rated critical.
Exchange Server 2013, 2016, and 2019 are affected. Exchange Online is not affected.
The flaws are considered critical because attackers used them on on-premises Exchange servers to access users' email accounts.
For this attack to take place, the attacker only needs to know the server that is running Exchange and the account that they’d like to extract e-mails from.
These attacks first began showing up on January 6, 2021.
Promptly applying the patch for this flaw is the best protection against this attack.
The attackers are primarily targeting US entities in infectious disease research, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.
The problem children that will be patched with this update are CVE-2021-26855, a server-side request forgery vulnerability; CVE-2021-26857, an insecure deserialization vulnerability; CVE-2021-26858, a post-authentication arbitrary file write vulnerability; and CVE-2021-27065, another post-authentication arbitrary file write vulnerability.
It’s important to patch against these vulnerabilities as soon as possible, especially since, after compromising the affected Exchange servers, these attackers are deploying web shells on them.
This allows for potential data theft and further compromise because web shells are small scripts that provide an interface for remote access to a compromised system.
Microsoft has seen a steep increase in web shell attacks recently. Do not delay in patching.
As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648