Microsoft Release Patches For Vulnerabilities
Microsoft have released patches for multiple on-premises Microsoft Exchange Servers which will impact zero-day vulnerabilities that are being exploited by a nation-state-affiliated group.
The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019. Exchange Online is not affected. Microsoft have made us aware of the situation and the immediate remediation steps you will need to take.
To minimise or avoid the impact of this situation, Microsoft highly recommend that you take immediate action to apply the patches for any on-premises Exchange deployments you have or are managing for a customer or advise your customer of the steps they need to take. The first priority being servers that are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).
To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
- You can use the Exchange Server Health Checker script, which can be downloaded from GitHub (use the latest release).
- Running this script will tell you if you are behind on your on-premises Exchange Server updates (note that the script does not support Exchange Server 2010).
- Microsoft also recommend that your security team assess whether or not the vulnerabilities were being exploited by using the Indicators of Compromise Microsoft shared here.
Resources and information from Microsoft
- Microsoft On the Issues blog
- Microsoft Security Response Center (MSRC) release – Multiple Security Updates Released for Exchange Server
- Exchange Team Blog
- MSTIC Blog
- MSRC Blog
- Microsoft On the Issues Blog
- Out of Band Exchange Release Customer Alert
- Security Update Guide
Exchange patch information
- March 2, 2021 Security Update Release – Release Notes – Security Update Guide – Microsoft
- CVE-2021-26855| Microsoft Exchange Server Remote Code Execution Vulnerability (public)
- CVE-2021-26857| Microsoft Exchange Server Remote Code Execution Vulnerability (public)
- CVE-2021-26858| Microsoft Exchange Server Remote Code Execution Vulnerability (public)
- CVE-2021-27065| Microsoft Exchange Server Remote Code Execution Vulnerability (public)
We are both committed to working with you through this issue. Please contact your intY Account Manager for more information.