Microsoft Releases Exchange Server Cumulative Updates, Fixing 4 Zero-Day Vulnerabilities

Microsoft has released the March 2021 Cumulative Update (CU), which it distributes quarterly for Exchange Server 2016 and Exchange Server 2019. The CU also includes security updates that address critical vulnerabilities currently under attack.

On-premises Exchange Server users have likely already installed the security update the company released on the 2nd. On the 2nd, the company released an emergency patch that addresses four zero-day vulnerabilities. The vulnerabilities were exploited by state-sponsored hackers, and the exploitation subsequently evolved into ransomware attacks. Due to the surge in attacks on government email servers, US federal agencies have been told to immediately patch the Exchange Server vulnerabilities. The National Cyber Security Center (NCSC) has also warned that there are an estimated 3,000 Exchange Servers without Microsoft’s latest patches.

Exchange Server 2016/2019 users now have another way to address the vulnerabilities: installing the latest cumulative update distributed by Microsoft, which is the most complete mitigation. “The latest CU also includes a fix that was distributed as a security update for Exchange Server on March 2, 2021. That is, if you install the March 2021 CU, you don’t have to install any of the previously published March 2021 security updates,” the company points out.

The company also released detailed information about the Exchange Server vulnerabilities (CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065) for corporate security teams. Attackers exploited the vulnerabilities to remotely compromise Exchange Server and install a “webshell” to maintain persistence on the machine. As a result, the company warns that if an on-premises Exchange Server has been compromised, work must be done to address the infection even after applying the security update.

“The best and most comprehensive mitigation is to get the latest cumulative updates and apply all security updates, which we recommend as the solution that can provide the strongest protection against breaches,” Microsoft advises incident response teams working with Exchange Server software.

The company also details how to isolate an affected Exchange Server until a security patch or the March 2021 CU is deployed. Administrators can block inbound connections over port 443, but this “may hinder teleworkers and other employees working remotely without a VPN (virtual private network), and it does not protect you from adversaries who have already entered your internal network.”