Critical vulnerability in Microsoft Exchange – update as soon as possible

The National Cyber Security Centre SK-CERT (hereinafter referred to as “SK-CERT”) warns of critical vulnerabilities in the Microsoft Exchange Server product. An attacker can use these vulnerabilities to execute malicious code, take control of a vulnerable system and access sensitive information. Abuse is possible without knowledge of the login name and password. These vulnerabilities are being actively exploited by attackers, including in Slovak cyberspace.

Microsoft Exchange Server is one of the most popular mail servers. The impact of the vulnerabilities and their abuse is therefore global.

SK-CERT distributed two warnings about vulnerabilities in Microsoft products to its constituency (the second warning addresses the above-mentioned vulnerabilities):

https://www.sk-cert.sk/threat/sk-cert-bezpecnostne-varovanie-v20210216-04/index.html

https://www.sk-cert.sk/threat/sk-cert-bezpecnostne-varovanie-v20210304-03/index.html

The individual vulnerabilities are tracked as CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. According to their CVSS scores, these vulnerabilities are rated 9.1 out of 10.

The vulnerabilities affect the following products:

  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2013

Therefore, SK-CERT recommends the following:

  • Promptly update all affected products to the latest version officially released by Microsoft.
  • Verify the servers’ security, for example, by using antivirus products.
  • As a precaution, change the passwords of accounts (both admin and regular mail accounts) to sufficiently strong and unique ones.
  • If the same passwords have also been used somewhere else, change those passwords too, using a unique and different one for each account.
  • Monitor devices for non-standard connections or connection attempts. If the configuration allows, check past communications, both with the Internet and with the private network.
  • If you detect a cybersecurity incident caused by this vulnerability, report it to the National Cyber Security Centre SK-CERT at https://www.sk-cert.sk/en/tips-and-tricks/report-an-incident/index.html.
