
Microsoft Exchange Server Zero-day Vulnerabilities

Posted: March 18, 2021

On March 2, 2021, Microsoft released out-of-band security updates for four zero-day vulnerabilities in on-premises Microsoft Exchange Server 2013, 2016 and 2019 (Exchange Online is not affected). Microsoft attributed the initial exploitation to HAFNIUM, a group it assesses to be state-sponsored and operating out of China, whose targets were primarily organizations in the United States; once the vulnerabilities became public, other actors started exploiting them as well, and later waves deployed payloads such as the DearCry ransomware. Tooling observed on compromised servers includes ASPX web shells for persistent access and PowerCat, an open-source PowerShell port of netcat, for remote shell access.

Administrators of on-premises Exchange Server should install the security updates immediately; they are the only complete fix. Where patching must be delayed, Microsoft published interim mitigations (restricting untrusted connections to the Exchange web endpoints on port 443, and the URL rewrite rule applied by its Exchange On-premises Mitigation Tool), but these only block the known attack path and do not replace the update. Patching also does not evict an attacker who has already exploited the server: any web shells or other implants left behind must be found and removed separately. The four vulnerabilities are tracked as:

  • CVE-2021-26855 – a server-side request forgery (SSRF) in the Exchange front end that lets an unauthenticated attacker send arbitrary HTTP requests to the back end and authenticate as the Exchange server itself. It is the entry point of the chain and needs no credentials.
  • CVE-2021-26857 – an insecure deserialization bug in the Unified Messaging service that allows code execution as SYSTEM. Exploiting it requires administrator permissions or another vulnerability (such as CVE-2021-26855) to reach it.
  • CVE-2021-26858 – a post-authentication arbitrary file write. With the access gained through CVE-2021-26855, or with stolen administrator credentials, an attacker can write a file to any path on the server.
  • CVE-2021-27065 – a second post-authentication arbitrary file write with the same prerequisites. In the observed attacks it was the one chained with CVE-2021-26855 to drop ASPX web shells into Exchange's web directories.

So far the vulnerabilities have been used to plant web shells, exfiltrate mailbox contents and other sensitive data, and, in later waves, to deploy ransomware. The primary defense remains applying the security updates for Exchange Server 2013, 2016 and 2019. Beyond that, administrators should restrict untrusted access to the Exchange web endpoints, run Microsoft's published detection script (or equivalent checks) against the IIS, HttpProxy, OAB generator and ECP logs to find exploitation that happened before the patch, and keep endpoint protection on the server itself; antivirus and network filtering can catch follow-on activity but do not close the vulnerabilities.
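As an added example (not code from the original article, from Microsoft, or from any cited report), the following Python script applies two of the hunting checks Microsoft published for these vulnerabilities to constructed sample logs. It looks in HttpProxy logs for anonymous, unauthenticated requests whose AnchorMailbox starts with `ServerInfo~` (the back-end routing trick the CVE-2021-26855 SSRF relies on), and in ECP server logs for `Set-`/`Reset-*VirtualDirectory` cmdlets, treating an ExternalUrl that carries server-side script as a web-shell drop via CVE-2021-27065. The log lines, the reduced column layout, the hostnames and the IP addresses are constructed for the example; real HttpProxy logs carry many more columns but use the same header names.

```python
"""Post-patch triage for the CVE-2021-26855 -> CVE-2021-27065 chain.

Added example; not code from the original article or from Microsoft.
Checks mirrored from Microsoft's published hunting guidance:
  * HttpProxy logs: anonymous requests with no authenticated user whose
    AnchorMailbox starts with "ServerInfo~" (CVE-2021-26855 SSRF);
  * ECP server logs: Set-/Reset-*VirtualDirectory cmdlets (used by the
    CVE-2021-27065 web-shell drop); an ExternalUrl containing a
    runat="server" script block is reported as a confirmed drop.
All sample log lines below are constructed with a reduced column set.
"""
import csv
import io
import re
from dataclasses import dataclass

# Constructed HttpProxy-style CSV: a benign OWA request, two anonymous
# requests routed through a ServerInfo~ anchor, a benign Autodiscover call.
HTTPPROXY_SAMPLE = """\
#Software: Microsoft Exchange Server
DateTime,ClientIpAddress,UrlStem,AnchorMailbox,AuthenticatedUser,AnonymousRequest,HttpStatus
2021-03-02T09:14:07.123Z,10.0.0.25,/owa/,alice@corp.example,CORP\\alice,False,200
2021-03-02T09:15:41.554Z,203.0.113.7,/autodiscover/autodiscover.json,ServerInfo~corp.example/ecp/proxyLogon.ecp,,True,200
2021-03-02T09:15:42.008Z,203.0.113.7,/autodiscover/autodiscover.json,ServerInfo~corp.example/ecp/DDI/DDIService.svc/SetObject,,True,200
2021-03-02T09:16:03.311Z,10.0.0.40,/autodiscover/autodiscover.xml,bob@corp.example,CORP\\bob,False,200
"""

# Constructed ECP server log lines (timestamp,client,cmdlet); the third is benign.
ECP_SAMPLE = r"""
2021-03-02T09:15:43.110Z,203.0.113.7,Set-OabVirtualDirectory -Identity 'EXCH01\OAB (Default Web Site)' -ExternalUrl 'http://f/<script runat="server">...</script>'
2021-03-02T09:15:44.002Z,203.0.113.7,Reset-OabVirtualDirectory -Identity 'EXCH01\OAB (Default Web Site)'
2021-03-02T10:02:10.900Z,10.0.0.12,Get-OabVirtualDirectory -Identity 'EXCH01\OAB (Default Web Site)'
"""

SSRF_ANCHOR = re.compile(r"^ServerInfo~.*/", re.IGNORECASE)
VDIR_CMDLET = re.compile(r"\b(Set|Reset)-\w*VirtualDirectory\b", re.IGNORECASE)
SCRIPT_IN_URL = re.compile(r"<script[^>]*runat\s*=\s*['\"]server['\"]", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    cve: str
    severity: str  # "suspicious" or "confirmed"
    when: str
    client: str
    detail: str


def _csv_rows(text):
    """Yield dict rows, skipping '#' comment lines so the CSV header is read correctly."""
    data = "\n".join(l for l in text.splitlines() if l and not l.startswith("#"))
    return csv.DictReader(io.StringIO(data))


def scan_httpproxy(text):
    """Flag CVE-2021-26855 SSRF traffic: anonymous, no authenticated user, ServerInfo~ anchor."""
    out = []
    for row in _csv_rows(text):
        if (row.get("AnonymousRequest", "").strip().lower() == "true"
                and not row.get("AuthenticatedUser", "").strip()
                and SSRF_ANCHOR.match(row.get("AnchorMailbox", ""))):
            out.append(Finding("CVE-2021-26855", "suspicious", row["DateTime"],
                               row["ClientIpAddress"], f'{row["UrlStem"]} -> {row["AnchorMailbox"]}'))
    return out


def scan_ecp(text):
    """Flag virtual-directory changes; server-side script in the ExternalUrl means a web shell."""
    out = []
    for line in text.splitlines():
        m = VDIR_CMDLET.search(line)
        if not m:
            continue
        when, client = (line.split(",", 2) + ["", ""])[:2]  # constructed column layout
        severity = "confirmed" if SCRIPT_IN_URL.search(line) else "suspicious"
        out.append(Finding("CVE-2021-27065", severity, when, client, m.group(0)))
    return out


def triage(httpproxy_text, ecp_text):
    """Return all findings plus the clients seen completing SSRF -> file write end to end."""
    findings = scan_httpproxy(httpproxy_text) + scan_ecp(ecp_text)
    ssrf_clients = {f.client for f in findings if f.cve == "CVE-2021-26855"}
    chained = {f.client for f in findings
               if f.cve == "CVE-2021-27065" and f.client in ssrf_clients}
    return findings, chained


if __name__ == "__main__":
    findings, chained = triage(HTTPPROXY_SAMPLE, ECP_SAMPLE)
    for f in sorted(findings, key=lambda f: f.when):
        print(f"{f.when}  {f.cve}  {f.severity:<10} {f.client:<14} {f.detail}")
    print("clients that completed SSRF -> file write:", sorted(chained) or "none")
```

On a real server the two text inputs would be read from the HttpProxy and ECP\Server log directories under the Exchange installation; a client address that appears in both scans within minutes is the full chain, and the server should be treated as compromised regardless of whether the patch has since been installed.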
