"The initial attack requires the ability to make an untrusted connection to Exchange server port 443. These vulnerabilities are used as part of an attack chain," Microsoft says. In summary, Microsoft says that attackers secure access to an Exchange Server either through these bugs or through stolen credentials, and they can then create a web shell to hijack the system and execute commands remotely. If used in an attack chain, all of these vulnerabilities can lead to Remote Code Execution (RCE), server hijacking, backdoors, data theft, and potentially further malware deployment.

CVE-2021-27065 (CVSS 7.8): a post-authentication arbitrary file write vulnerability that allows writing to arbitrary paths.

CVE-2021-26858 (CVSS 7.8): a post-authentication arbitrary file write vulnerability that allows writing to arbitrary paths. However, this vulnerability needs to be combined with another bug, or stolen credentials must be used.

CVE-2021-26857 (CVSS 7.8): an insecure deserialization vulnerability in the Exchange Unified Messaging Service, allowing arbitrary code execution as SYSTEM. The server must accept untrusted connections over port 443 for the bug to be triggered.

CVE-2021-26855 (CVSS 9.1): a Server-Side Request Forgery (SSRF) vulnerability that lets unauthenticated attackers send crafted HTTP requests.

Microsoft is now also updating Exchange Server 2010 for "defense-in-depth purposes."