Four Zero-Day Vulnerabilities in Microsoft Exchange Server

Community Team Member

Recently we learned about four critical zero-day vulnerabilities that let adversaries access Microsoft Exchange Servers and potentially gain long-term access to the infected systems.

 

What is the Microsoft Exchange Server Vulnerability?

On March 2, the world learned about four critical zero-day vulnerabilities inside Microsoft Exchange Server. These vulnerabilities allowed attackers to gain access to Microsoft Exchange Servers and enabled them to execute arbitrary code, potentially gaining long-term access to the infected system.

 

Four Microsoft Exchange Server vulnerabilities: 

Ensure That You're Protected!

Microsoft has released a security update to patch these vulnerabilities. It is strongly recommended to update all your Microsoft Exchange servers as soon as possible to the latest available patched versions released by Microsoft.

 

I also recommend that you visit our own Palo Alto Networks Response page immediately and learn how you can request help. Engage with Crypsis to determine whether you've been impacted, shut down active threats, and quickly recover from the attack.

 

Based on signatures and indicators that have been observed, Palo Alto Networks customers are protected across our product ecosystem, with specific protections deployed in the following products and subscriptions:

That being said, customers should employ best practices to ensure Palo Alto Networks products are configured in a manner best suited for their protection.

 

Understanding the Threat!

We understand that you might have questions about this attack and how it can potentially impact you. 


Unit 42, our global threat intelligence team, also put together this Threat Assessment: Active Exploitation of Four Zero-Day Vulnerabilities in Microsoft Exchange Server.

 

In addition, you can refer to Hunting for the Recent Attacks Targeting Microsoft Exchange in order to hunt down the threats and leverage the protection mechanisms outlined in this document.

 

Join the Unit 42 Threat Briefings!

Join Ryan Olson, leader of Palo Alto Networks Unit 42 Threat Research team, to learn more about:

 

  • The effective countermeasures you can take today to help protect your organization.
  • What we currently know about these exploits.
  • What Palo Alto Networks is offering to help our customers in the spirit of our mission to protect our digital way of life.

Make sure to register for the threat briefing here: Helping Mitigate Microsoft Exchange Vulnerabilities 

 

Along with these threat briefings, Unit 42 Intel put together a concise playbook about how to protect yourself from the Microsoft Exchange Server vulnerabilities. We encourage you to follow these: Remediation Steps for the Microsoft Exchange Server Vulnerabilities

 

Additional Resources:

 

Thanks for taking the time to read this blog, and go make sure you're secure!
Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

As always, we welcome all questions, comments and feedback - I've started a new Discussion about this topic, so please share your thoughts there, or you can always reply in the comments section below.

 

Kiwi out!

2 Comments
L4 Transporter

Hi Kiwi,

 

May I know how to check whether my firewall has already deployed Content Pack 8380 or not?

I tried to check, but Application and Threats only shows 84xx-xxxx; I cannot see any 8380.

 

Thank You

L7 Applicator

@JiaXiang 

The Content Packs are numbered to identify the age. 

8380 was many months ago, so since you have 84xx, then you should be fine. This was only if you DID NOT have 8380 or newer. 
