[German]It seems, that many vulnerable Microsoft Exchange servers are been used to play Russian roulette. German CERT-Bund has alerted a warning. They found about 12,000 Exchange Servers 2013/2016/2019, whose OWA is accessible via the Internet and which have at least one unpatched critical vulnerability.
Advertising
CERT-Bund has scanned the Internet for Exchange servers whose Open Web Access (OWA) interface is accessible via the Web and checked the patch level of these machines.
Of the Exchange Server 2013, 2016 and 2019 instances known to the CERT Alliance, approximately 12,000 were found to be patched with outdated CUs. Microsoft no longer provides security updates for this outdated cumulative update state (security updates are only ever provided for the two most recent CUs). Thus, the Exchange Server instances are vulnerable to the following Microsoft Exchange Server Remote Code Execution vulnerabilities:
- CVE-2021-42321: patched November 9, 2021 (see Exchange Server November 2021 Security Updates Close RCE Vulnerability CVE-2021-42321)
- CVE-2021-26427: patched October 12, 2021 (see Security updates for Exchange Server (October 2021))
- CVE-2021-34473: patched July 13, 2021, Proxy Shell vulnerability (see Exchange Server: Update on ProxyShell vulnerabilities)
- CVE-2021-26855: patched March 16, 2021, Proxy Shell vulnerability (see ProxyShell, Squirrelwaffle and a new PoC Exploit, patch your Exchange Server!)
The vulnerabilities have long been exploited by attackers. For example, in the blog post ProxyNoShell: Mandiant warns of new attack methods on Exchange servers (Nov. 2021), I had specifically warned about attacks on the proxy shell vulnerabilities. And there are also ransomware groups exploiting the vulnerabilities, see Babuk gang uses ProxyShell vulnerability in Exchange for ransomware attacks.
Similar articles:
Security updates for Exchange Server (July 2021)
Cumulative Exchange CUs June 2021 released
Exchange Server Security Update KB5001779 (April 13, 2021)
Exchange isues with ECP/OWA search after installing security update (March 2021)
Exchange security updates from July 2021 breaks ECP and OWA
Exchange 2016/2019: Outlook problems due to AMSI integration
Wave of attacks, almost 2,000 Exchange servers hacked via ProxyShell
Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)
Exchange Server: Authentication bypass with ProxyToken
Exchange vulnerabilities: Will we see Hafnium II?
Exchange 2016/2019: Outlook problems due to AMSI integration
Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service
Exchange Server September 2021 CU (2021/09/28)
Security updates for Exchange Server (October 2021)
Tianfu Cup 2021: Exchange 2019 and iPhone hacked
Babuk gang uses ProxyShell vulnerability in Exchange for ransomware attacks
Exchange Server November 2021 Security Updates Close RCE Vulnerability CVE-2021-423
CERT warning: Compromised Exchange servers are misused for email attacks (Nov. 2021)
CERT-Federation, USA, GB warns about attacks on Exchange and Fortinet
ProxyNoShell: Mandiant warns of new attack methods on Exchange servers (Nov. 2021)
ProxyShell, Squirrelwaffle and a new PoC Exploit, patch your Exchange Server!
Advertising
