
Microsoft issues advice to Exchange Server customers following exploitation of vulnerabilities
Microsoft has disclosed that sophisticated actors have attacked a number of on-premises Exchange servers and, as a result, has released multiple security updates for the affected servers.
These updates have been released ahead of the monthly update cycle because four of the seven vulnerabilities have been used in limited targeted attacks. The security updates will fix the vulnerabilities exploited in the initial attacks.
The affected versions of Microsoft Exchange are as follows:
· Microsoft Exchange Server 2013
· Microsoft Exchange Server 2016
· Microsoft Exchange Server 2019
· A defence in depth update for Microsoft Exchange Server 2010 has also been released.
· Exchange Online is not affected.
All customers with an on-premises Exchange environment that utilise Galtec’s Managed Patch or Core Security service are being scheduled for CU updates over the coming days. If you require any assistance with updating your Exchange environment, please contact presales@galtec.com and a member of the team will be in touch to support you.
The four vulnerabilities:
1. CVE-2021-26855 – Microsoft Exchange Server Remote Code Execution Vulnerability
This is a server-side request forgery (SSRF) vulnerability which can allow the sending of arbitrary HTTP requests, authenticating as the Exchange server.
2. CVE-2021-26857 – Microsoft Exchange Server Remote Code Execution Vulnerability
This is an insecure deserialization vulnerability in Microsoft’s Unified Messaging service. Insecure deserialization is where untrusted, user-controllable data is deserialized by a program. Exploiting it would require administrator-level privileges or exploitation of another vulnerability.
3. CVE-2021-26858 – Microsoft Exchange Server Remote Code Execution Vulnerability
This is a post-authentication arbitrary file write vulnerability in Exchange. A threat actor who can authenticate to a targeted Exchange server can then use this vulnerability to write a file to any path on the server.
4. CVE-2021-27065 – Microsoft Exchange Server Remote Code Execution Vulnerability
This is also a post-authentication arbitrary file write vulnerability. A threat actor who can authenticate to a targeted Exchange server can then use this vulnerability to write a file to any path on the server.
Action required: Microsoft is strongly recommending that customers take immediate action to apply the patches for any on-premises deployments they have. There are published patches for all four vulnerabilities. Customers should apply patches to servers which are accessible from the internet as a priority.
More information on the updates and how to apply them can be found on Microsoft’s Support website.
Galtec are committed to helping our customers rectify any problems they may be having at this time in relation to the above information. Once again, if you require any assistance, please email presales@galtec.com

