On March 2, 2021, Microsoft released a security advisory and emergency Out-of-Band (OOB) patches to address multiple 0-day exploits that appear to have been actively used against on-premises versions of Microsoft Exchange Server. The affected versions of Microsoft Exchange Server are 2013, 20.

The four critical CVEs highlighted in the advisory include a network-based server-side request forgery (SSRF) vulnerability, CVE-2021-26855, used to gain a foothold, and three post-authentication local vulnerabilities: CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Researchers believe that these vulnerabilities were used in an attack chain that could gain access to an organization's network via the compromised Exchange Server and extract sensitive information, such as the contents of entire email mailboxes and address books, as well as conduct further operations such as dumping credentials, manipulating Active Directory, and moving laterally within the environment.

In addition to Microsoft's advisories and the following article, potentially affected customers are strongly encouraged to review the U.S. Government Cybersecurity & Infrastructure Security Agency (CISA) Alert AA21-062A for further guidance and information. The Microsoft and CISA advisories have very detailed information on Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) for this attack.

To assist Exchange administrators with investigation of their own servers, the Microsoft Exchange Server team has created a script that can be run on Exchange servers to scan the logs for IOCs. Customers who use on-premises versions of Microsoft Exchange Server 2013 and above are strongly advised to use either Microsoft's tool or other similar scripts to validate whether they have been affected.

As of March 15, 2021, Microsoft has released a one-click Exchange on-premises mitigation tool as an interim solution for customers who have not applied the formal security patches.