Security News > 2021 > March > Microsoft fixes actively exploited Exchange zero-day bugs, patch now

Microsoft has released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day vulnerabilities actively exploited in targeted attacks.

These four zero-day vulnerabilities are chained together to gain access to Microsoft Exchange servers, steal email, and plant further malware for increased access to the network.

CVE-2021-26855 is a server-side request forgery vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.

Due to the severity of the attacks, Microsoft recommends that administrators "Install these updates immediately" to protect Exchange servers from these attacks.

Microsoft Senior Threat Intelligence Analyst Kevin Beaumont has created a Nmap script that can be used to scan a network for potentially vulnerable Microsoft Exchange servers.

To detect whether a Microsoft Exchange server has been breached using these vulnerabilities, Microsoft has provided PowerShell and console commands to scan Event Logs/Exchange Server logs for traces of the attack.

News URL

https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exploited-exchange-zero-day-bugs-patch-now/