{"id":3848,"date":"2021-11-23T15:42:50","date_gmt":"2021-11-23T10:12:50","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3848"},"modified":"2021-11-23T15:42:52","modified_gmt":"2021-11-23T10:12:52","slug":"accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/","title":{"rendered":"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now"},"content":{"rendered":"\n
Proof-of-concept exploit code has been updated online over the weekend for a currently exploited high severity vulnerability affecting Microsoft Exchange servers. The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 (including those used by customers in Exchange Hybrid mode) and was patched by Microsoft during this month’s Patch Tuesday.<\/p><\/p>\n\n\n\n
Successful exploitation allows authenticated attackers to execute code remotely on vulnerable Exchange servers. On Sunday, almost two weeks after the CVE-2021-42321 patch was issued, security investigators posted a proof-of-concept exploit for the Exchange post-auth RCE flaw.<\/p><\/p>\n\n\n\n
\u201cThis PoC just pop mspaint.exe on the target, can be use to observe the signature pattern of a successful attack event,\u201d the security investigators said.<\/p><\/p>\n\n\n\n
Admins Alerted to Patch Immediately<\/strong><\/h2>\n\n\n\n
“We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019,” Microsoft said. “Our recommendation is to install these updates immediately to protect your environment,” the company said, urging Exchange admins to patch the bug exploited in the wild.<\/p><\/p>\n\n\n\n
If you haven’t yet patched this security vulnerability in your on-premises servers, you can generate a quick inventory of all Exchange servers in your environment that need updating using the latest version of the Exchange Server Health Checker script. To check if any of your vulnerable Exchange servers have already been hit by CVE-2021-42321 exploitation attempts, you have to run this PowerShell query on each Exchange server to check for specific events in the Event Log:<\/p><\/p>\n\n\n\n
On-premises Exchange servers under Attack<\/strong><\/h2>\n\n\n\n
Exchange admins have dealt with two massive waves of attacks since the start of 2021, targeting the ProxyLogon and ProxyShell security vulnerabilities. State-backed and financially motivated threat actors used ProxyLogon exploits to deploy web shells, crypto miners, ransomware, and other malware starting with early March.<\/p><\/p>\n\n\n\n
In these attacks, they targeted more than a quarter of a million Microsoft Exchange servers, belonging to tens of thousands of organizations around the world. Four months later, the US and its allies, including the EU, the UK, and NATO, officially blamed China for these widespread Microsoft Exchange hacking attacks.<\/p><\/p>\n\n\n\n
In August, threat actors also began scanning for and breaching Exchange servers by exploiting ProxyShell vulnerabilities after security researchers reproduced a working exploit.<\/p><\/p>\n\n\n\n
Even though payloads dropped using ProxyShell exploits were harmless in the beginning, attackers later switched to deploying LockFile ransomware payloads across Windows domains hacked using Windows PetitPotam exploits. With this latest vulnerability (CVE-2021-42321), researchers are already seeing attackers scan for and attempt to compromise vulnerable systems.<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
As Microsoft Exchange has become a popular target for threat actors to gain initial access to a targets’ networks, it is strongly advised to keep servers up-to-date with the latest security patches.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
Proof-of-concept exploit code has been updated online over the weekend for a currently exploited high severity vulnerability affecting Microsoft Exchange servers. The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 (including those used by customers in Exchange Hybrid mode) and was patched by Microsoft during this month’s Patch Tuesday. […]<\/p>\n","protected":false},"author":2,"featured_media":3852,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"\n
Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Proof-of-concept exploit code has been updated online over the weekend for a currently exploited high severity vulnerability affecting Microsoft Exchange servers. The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 (including those used by customers in Exchange Hybrid mode) and was patched by Microsoft during this month’s Patch Tuesday. […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-23T10:12:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-23T10:12:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Accomplishment-released-for-Microsoft-Exchange-RCE-Flaw-Patch-Now-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now\",\"datePublished\":\"2021-11-23T10:12:50+00:00\",\"dateModified\":\"2021-11-23T10:12:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/\"},\"wordCount\":477,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/\",\"url\":\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/\",\"name\":\"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-11-23T10:12:50+00:00\",\"dateModified\":\"2021-11-23T10:12:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/","og_locale":"en_US","og_type":"article","og_title":"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now - Xiarch Solutions Private Limited","og_description":"Proof-of-concept exploit code has been updated online over the weekend for a currently exploited high severity vulnerability affecting Microsoft Exchange servers. The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 (including those used by customers in Exchange Hybrid mode) and was patched by Microsoft during this month’s Patch Tuesday. […]","og_url":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-11-23T10:12:50+00:00","article_modified_time":"2021-11-23T10:12:52+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Accomplishment-released-for-Microsoft-Exchange-RCE-Flaw-Patch-Now-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now","datePublished":"2021-11-23T10:12:50+00:00","dateModified":"2021-11-23T10:12:52+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/"},"wordCount":477,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/","url":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/","name":"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-11-23T10:12:50+00:00","dateModified":"2021-11-23T10:12:52+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/accomplishment-released-for-microsoft-exchange-rce-flaw-patch-now\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Accomplishment released for Microsoft Exchange RCE Flaw, Patch Now"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3848"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3848"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3848\/revisions"}],"predecessor-version":[{"id":3853,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3848\/revisions\/3853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3852"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Accomplishment-released-for-Microsoft-Exchange-RCE-Flaw-Patch-Now-image1\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Accomplishment-released-for-Microsoft-Exchange-RCE-Flaw-Patch-Now-image1.jpg\")
<\/figure><\/div>\n\n\n\n![\"Accomplishment-released-for-Microsoft-Exchange-RCE-Flaw-Patch-Now-image2\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/Accomplishment-released-for-Microsoft-Exchange-RCE-Flaw-Patch-Now-image2.png\")
<\/figure><\/div>\n\n\n\n