PoC for Microsoft Exchange bug discovered by NSA is public

Various security vulnerabilities in Microsoft Exchange were discovered by the US intelligence agency NSA and reported to Microsoft. Microsoft closed these vulnerabilities in April 2020 with corresponding updates. As a "reminder for the weekend", we would like to point out that a proof of concept (PoC) has been published for these vulnerabilities. So anyone who is not up to date with the latest patch status should take advantage of the weekend.


The NSA vulnerabilities in Microsoft Exchange

Regular blog readers should actually be well informed and have long since updated their Microsoft Exchange servers, because I had pointed out in the blog post PSA: Watch your Exchange Patch status – 0 day vulnerabilities found, is the next Exchange disaster in sight? that something was coming for Exchange on April 13, 2021. I was wrong about closed vulnerabilities, but on patchday, April 13, 2021, security updates for Microsoft Exchange were released.

The National Security Agency (NSA) had discovered and reported several RCE vulnerabilities CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483 in Microsoft Exchange. These very vulnerabilities were closed on patchday, April 13, 2021 (see Exchange Server Security Update KB5001779 (April 13, 2021)). I therefore assume that next week Tuesday, on the May 2021 patchday, there could be another security update for Exchange Server.

There is a proof of concept (PoC)

Via the following tweet, I came across the news that there seems to be a publicly available proof of concept (PoC) for the vulnerabilities discovered by the NSA in Microsoft Exchange.

(Tweet: PoC for the Microsoft Exchange bug discovered by the NSA)

Security researcher Nguyen Jang published a technical description of the ProxyLogon vulnerability CVE-2021-28482 on April 26. The blog post is in Vietnamese, but the language should not be an obstacle for hackers who understand the technical details needed to achieve remote code execution in an authenticated Exchange Server environment. Nguyen Jang also published a demo exploit for CVE-2021-28482, written in Python, on GitHub, and the effectiveness of the PoC code was confirmed by Will Dormann, a vulnerability analyst for CERT/CC.


Similar articles:
Exchange issues with ECP/OWA search after installing security update (March 2021)
Exchange Server Security Update KB5001779 (April 13, 2021)
PSA: Watch your Exchange Patch status – 0 day vulnerabilities found, is the next Exchange disaster in sight?
