
Multiple High-Risk Vulnerabilities in Microsoft Exchange

Mar 15, 2021 GMT+08:00

I. Overview

Microsoft has officially released a security notice about Exchange Server, disclosing multiple high-risk Exchange vulnerabilities that attackers have already exploited in the wild as part of an attack chain.

CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Exchange, which allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server.

CVE-2021-26857 is an insecure deserialization vulnerability, which allows an attacker to run code as SYSTEM on the Exchange server.

CVE-2021-26858 and CVE-2021-27065 are post-authentication arbitrary file write vulnerabilities, which allow an authenticated attacker to write a file to any path on the server. An attacker can obtain that authentication by first exploiting CVE-2021-26855, which is what chains these vulnerabilities together.

If you are a Microsoft Exchange user, check your system and apply security hardening promptly.

For more information about these vulnerabilities, visit the following websites:

HAFNIUM targeting Exchange Servers with 0-day exploits

Multiple Updates Released for Exchange Server

II. Severity

Severity: important

(Severity scale: low, moderate, important, critical)

III. Affected Products

Affected versions:

Microsoft Exchange Server 2013

Microsoft Exchange Server 2016

Microsoft Exchange Server 2019

Microsoft Exchange Server 2010

IV. Vulnerability Handling

Patches for all affected versions have been officially released. Install the patch for your version if you are running an affected release.

CVE-2021-26855

CVE-2021-26857

CVE-2021-26858

CVE-2021-27065

If you cannot install the patches in a timely manner, apply the workarounds by referring to the Scan Exchange log files for indicators of compromise guidance released in response to the HAFNIUM attacks. Note that the workarounds only reduce exposure; they do not remove the vulnerabilities, and the log scan should be run even after patching, because a server that was exploited before the patch was applied remains compromised.
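The following script is an added example of the kind of log scan the workaround refers to; it is not code from this notice, from Microsoft, or from the HAFNIUM guidance. It implements one published indicator for CVE-2021-26855: HttpProxy log entries with an empty AuthenticatedUser whose AnchorMailbox is a ServerInfo~ value containing a server path, which is how the SSRF shows up in the proxy logs. The log layout below (a few '#'-prefixed metadata lines, a '#Fields:' header, then CSV rows) is a simplified, constructed approximation of the real HttpProxy log format, and the sample entries are constructed, not captured from any server.

```python
import csv
import os
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample HttpProxy log content (not a real capture). The real
# files carry many more columns; only the ones the check needs are kept here.
SAMPLE_HTTPPROXY_LOG = """#Software: Microsoft Exchange Server
#Version: 15.00.0000.000
#Log-type: HttpProxy Logs
#Date: 2021-03-10T00:00:00.000Z
#Fields: DateTime,ClientIpAddress,UrlStem,AuthenticatedUser,AnchorMailbox
2021-03-10T01:02:03.000Z,192.0.2.10,/owa/auth/logon.aspx,,
2021-03-10T01:05:44.000Z,198.51.100.7,/ecp/y.js,,ServerInfo~mail.example.test/ecp/
2021-03-10T01:06:12.000Z,10.0.0.25,/owa/,EXAMPLE\\alice,
2021-03-10T01:07:30.000Z,198.51.100.7,/ecp/DDI/DDIService.svc/GetObject,,ServerInfo~mail.example.test/autodiscover/autodiscover.xml
2021-03-10T01:09:01.000Z,10.0.0.31,/ecp/,EXAMPLE\\bob,ServerInfo~mail.example.test/ecp/
"""


def parse_httpproxy_log(text: str) -> List[Dict[str, str]]:
    """Parse a '#Fields:'-headed CSV log into one dict per data row.

    Assumption: the '#Fields:' line names the columns and every later
    non-comment line is a CSV row in that column order.
    """
    fields = None
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if fields is None:
            raise ValueError("data row encountered before the #Fields: header")
        values = next(csv.reader([line]))
        # Pad short rows so a missing trailing column reads as empty, not KeyError.
        values += [""] * (len(fields) - len(values))
        rows.append(dict(zip(fields, values)))
    return rows


def is_unauthenticated_serverinfo_request(row: Dict[str, str]) -> bool:
    """Indicator: no authenticated user, but the request was anchored to a
    server path (AnchorMailbox like 'ServerInfo~<host>/<path>')."""
    user = row.get("AuthenticatedUser", "").strip()
    anchor = row.get("AnchorMailbox", "").strip()
    return user == "" and anchor.startswith("ServerInfo~") and "/" in anchor


def find_suspicious_rows(rows: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the rows matching the indicator, trimmed to the useful columns."""
    keep = ("DateTime", "ClientIpAddress", "UrlStem", "AnchorMailbox")
    return [
        {k: row.get(k, "") for k in keep}
        for row in rows
        if is_unauthenticated_serverinfo_request(row)
    ]


def summarize_by_client(hits: Iterable[Dict[str, str]]) -> Dict[str, int]:
    """Count hits per source address; repeated hits from one address stand out."""
    return dict(Counter(h["ClientIpAddress"] for h in hits))


def scan_log_directory(root: str) -> List[Dict[str, str]]:
    """Walk a directory of *.log files (e.g. the Exchange HttpProxy logging
    folder, path supplied by the operator) and collect matching rows."""
    hits: List[Dict[str, str]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(".log"):
                with open(os.path.join(dirpath, name), encoding="utf-8", errors="replace") as fh:
                    hits.extend(find_suspicious_rows(parse_httpproxy_log(fh.read())))
    return hits


if __name__ == "__main__":
    # Run against the constructed sample; point scan_log_directory() at the
    # real HttpProxy logging folder to scan a server.
    found = find_suspicious_rows(parse_httpproxy_log(SAMPLE_HTTPPROXY_LOG))
    for hit in found:
        print(hit)
    print(summarize_by_client(found))
```

A match is an indicator, not proof of compromise on its own, so each hit should be followed up by checking the same time window in the ECP server logs and the web server directories for unexpected files, as the referenced guidance describes. The authenticated row with a ServerInfo~ anchor in the sample is deliberately not flagged: the indicator is specifically the combination of an empty user and a server-path anchor.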

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.