
Alerts

Debian Security Update

Debian has released a security update to address vulnerabilities in openssl. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition.

Users and administrators are encouraged to review the Debian Security Advisory and apply the necessary updates.

F5 Security Update

F5 has released a security update to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review F5 Security Advisories K04337834, K50974556, K55543151, K08593253 and K42910051 and apply the necessary updates.

OpenSSL Security Update

OpenSSL Org. has released a security update to address vulnerabilities in openssl. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition.

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

ProxyShell Attacks targeting Microsoft Exchange Servers – CVE-2021-31207, CVE-2021-34473, CVE-2021-34523

Advisory No: TZCERT/SA/2021/08/24

Date of First Release: 24th August 2021

Source: Microsoft

Software Affected: 

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013

Overview:

Microsoft Exchange Server contains remote code execution vulnerabilities as a result of improper input validation. Exploitation attempts leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities.

Description:

Vulnerabilities exist in the way Microsoft Exchange Servers handle Uniform Resource Identifier (URI) validation, user-supplied data validation and validation of access tokens. An attacker can exploit the flaws to bypass ACL controls, elevate privileges and perform unauthenticated, remote code execution.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Microsoft has issued security updates to address the affected products. Users and administrators are advised to apply the necessary updates.

References:

  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31207
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207
  3. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473
  4. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
  5. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34523
  6. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523