Advisory No: TZCERT/SA/2021/08/24
Date of First Release: 24th August 2021
Source: Microsoft
Software Affected:
- Microsoft Exchange Server 2019
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2013
Overview:
Microsoft Exchange Server contains remote code execution vulnerabilities as a result of improper input validation. Exploitation attempts leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities.
Description:
Vulnerabilities exist in the way Microsoft Exchange Server handles Uniform Resource Identifier (URI) validation, validation of user-supplied data and validation of access tokens. An attacker can exploit the flaws to bypass ACL controls, elevate privileges and perform unauthenticated remote code execution.
Impact:
Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.
Solution:
Microsoft has issued security updates for the affected products. Users and administrators are advised to apply the necessary updates.
References:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31207
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34473
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34523
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523