{"id":19824,"date":"2021-05-07T21:54:41","date_gmt":"2021-05-07T19:54:41","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=19824"},"modified":"2022-04-14T11:45:22","modified_gmt":"2022-04-14T09:45:22","slug":"poc-fr-den-von-der-nsa-entdeckten-microsoft-exchange-bug-ffentlich","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/05\/07\/poc-fr-den-von-der-nsa-entdeckten-microsoft-exchange-bug-ffentlich\/","title":{"rendered":"PoC for Microsoft Exchange bug discovered by NSA public"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/05\/07\/poc-fr-den-von-der-nsa-entdeckten-microsoft-exchange-bug-ffentlich\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Various security vulnerabilities in Microsoft Exchange were discovered by the US intelligence agency NSA and reported to Microsoft. Microsoft closed these vulnerabilities in April 2020 with corresponding updates. As a \"reminder for the weekend\", we would like to point out that a proof of concept (PoC) has been published for these vulnerabilities. So anyone who is not up to date with the latest patch status should take advantage of the weekend.<\/p>\n<p><!--more--><\/p>\n<h2>The NSA vulnerabilities in Microsoft Exchange<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg01.met.vgwort.de\/na\/f57279c9eb644446952edcc7682d5140\" width=\"1\" height=\"1\">Regular blog readers should actually be well informed and have long updated their Microsoft Exchange servers. Because I had pointed out in the blog post <a href=\"https:\/\/borncity.com\/win\/2021\/04\/11\/vorwarnung-0-day-schwachstellen-ist-das-nchste-exchange-drama-im-anrollen\/\">PSA: Watch your Exchange Patch status \u2013 0 day vulnerabilities found, is the next Exchange disaster in sight?<\/a> that something was coming for Exchange on April 13, 2021. I was wrong about closed vulnerabilities, bBut on patchday, April 13, 2021, security updates for Microsoft Exchange were released. <\/p>\n<p>The National Security Agency (NSA) had discovered and reported several RCE vulnerabilities <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2021-28480\" target=\"_blank\" rel=\"noopener\">CVE-2021-28480<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\/vulnerability\/CVE-2021-28481\" target=\"_blank\" rel=\"noopener\">CVE-2021-28481<\/a>, <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2021-28482\" target=\"_blank\" rel=\"noopener\">CVE-2021-28482<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\/vulnerability\/CVE-2021-28483\" target=\"_blank\" rel=\"noopener\">CVE-2021-28483<\/a> in Microsoft Exchange. These very vulnerabilities were closed on patchday, April 13, 2021 (see <a href=\"https:\/\/borncity.com\/win\/2021\/04\/14\/exchange-server-security-update-kb5001779-13-april-2021\/\">Exchange Server Security Update KB5001779 (April 13, 2021)<\/a>). I therefore assume that next week Tuesday, on the May 2021 patchday, there could be another security update for Exchange Server. <\/p>\n<h2>There is a proof of concept (PoC) <\/h2>\n<p>I came across this via the following <a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1389269704091578370\" target=\"_blank\" rel=\"noopener\">tweet<\/a> that there seems to be a publicly available proof of concept (PoC) for the vulnerabilities discovered by the NSA in Microsoft Exchange.&nbsp; <\/p>\n<p><a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1389269704091578370\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"PoC f&uuml;r den von der NSA entdeckten Microsoft Exchange-Bug \" alt=\"PoC f&uuml;r den von der NSA entdeckten Microsoft Exchange-Bug \" src=\"https:\/\/i.imgur.com\/QrqlISq.png\"><\/a><\/p>\n<p>Security researcher Nguyen Jang published a technical description of the ProxyLogon vulnerability CVE-2021-28482 on April 26. The <a href=\"https:\/\/testbnull.medium.com\/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f\" target=\"_blank\" rel=\"noopener\">blog pos<\/a>t is in Vietnamese, but should not be a challenge for hackers if they understand the technical details to achieve remote code execution in an authenticated Exchange Server environment. Nguyen Jang also <a href=\"https:\/\/gist.github.com\/testanull\/9ebbd6830f7a501e35e67f2fcaa57bda\" target=\"_blank\" rel=\"noopener\">published on GitHub a demo exploit<\/a> written in Python for CVE-2021-28482, and the effectiveness of the PoC code was confirmed by Will Dormann, a vulnerability analyst for CERT\/CC. <\/p>\n<p><strong>Similar articles:<\/strong><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/exchange-probleme-mit-ecp-nach-sicherheitsupdate-mrz-2021\/\">Exchange isues with ECP\/OWA search after installing security update (March 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/04\/14\/exchange-server-security-update-kb5001779-13-april-2021\/\">Exchange Server Security Update KB5001779 (April 13, 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/04\/11\/vorwarnung-0-day-schwachstellen-ist-das-nchste-exchange-drama-im-anrollen\/\">PSA: Watch your Exchange Patch status \u2013 0 day vulnerabilities found, is the next Exchange disaster in sight?<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Various security vulnerabilities in Microsoft Exchange were discovered by the US intelligence agency NSA and reported to Microsoft. Microsoft closed these vulnerabilities in April 2020 with corresponding updates. As a \"reminder for the weekend\", we would like to point out &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/05\/07\/poc-fr-den-von-der-nsa-entdeckten-microsoft-exchange-bug-ffentlich\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[869,69],"class_list":["post-19824","post","type-post","status-publish","format-standard","hentry","category-security","tag-exchange","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19824","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=19824"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19824\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=19824"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=19824"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=19824"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}