HIGH ALERT – ACT QUICKLY: For organisations using Microsoft Exchange
by CIRT Team
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has identified extensive targeting, and has confirmed compromises, of Australian organisations with vulnerable Microsoft Exchange deployments. The ACSC is assisting affected organisations with their incident response and remediation.
The ACSC has identified a large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC urges these organisations to do so urgently.
Background
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises organisations using Microsoft Exchange to urgently patch the following Common Vulnerabilities and Exposures (CVEs):
CVE-2021-26855 – server-side request forgery (SSRF) vulnerability in Exchange.
CVE-2021-26857 – insecure deserialization vulnerability in the Unified Messaging service.
CVE-2021-26858 – post-authentication arbitrary file write vulnerability in Exchange.
CVE-2021-27065 – post-authentication arbitrary file write vulnerability in Exchange.
Microsoft has identified that if successfully exploited, these CVEs together would allow an unauthenticated attacker to write files and execute code with elevated privileges on the underlying Microsoft Windows operating system. Microsoft has observed instances where the attacker has uploaded web shells to maintain persistent access to compromise Exchange servers.
Microsoft has released security patches for the following versions of Microsoft Exchange:
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
Additional details relating to the patches is available here. Microsoft has also released a security patch for Microsoft Exchange Server 2010 Service Pack 3.
Severity: Critical
Subject: .GLOBAL THREAT – WARNING TO ALL USERS
Source: cyber.gov.au
https://www.cyber.gov.au/acsc/view-all-content/alerts/exchange-server-critical-vulnerabilities
For more details view this alert: https://brica.de/alerts/alert/1381990/
Recommended Posts
Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages
08 Oct 2024 - Security Advisories & Alerts