{"id":22387,"date":"2021-12-01T01:46:00","date_gmt":"2021-12-01T00:46:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=22387"},"modified":"2021-12-01T01:47:54","modified_gmt":"2021-12-01T00:47:54","slug":"cert-bund-warnung-30-der-deutschen-exchange-server-mit-offenem-owa-angreifbar","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/12\/01\/cert-bund-warnung-30-der-deutschen-exchange-server-mit-offenem-owa-angreifbar\/","title":{"rendered":"German CERT-Bund warns about vulnerable Exchange Server with OWA reachable from Internet"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/12\/01\/cert-bund-warnung-30-der-deutschen-exchange-server-mit-offenem-owa-angreifbar\/\" target=\"_blank\" rel=\"noopener\">German<\/a>] It seems that many vulnerable Microsoft Exchange servers are being used to play Russian roulette. The German CERT-Bund has issued a warning. They found about 12,000 Exchange Server 2013\/2016\/2019 instances whose OWA is accessible via the Internet and which have at least one unpatched critical vulnerability.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg01.met.vgwort.de\/na\/b3e826c6495a4ee1b4e6f47253faff6a\" width=\"1\" height=\"1\">CERT-Bund has scanned the Internet for Exchange servers whose Open Web Access (OWA) interface is accessible via the Web and checked the patch level of these machines. 
<\/p>\n<p><a href=\"https:\/\/twitter.com\/certbund\/status\/1465705906880991247\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"CERT-Bund-Warnung Exchange-Schwachstellen\" alt=\"CERT-Bund-Warnung Exchange-Schwachstellen\" src=\"https:\/\/i.imgur.com\/AO4H3sH.png\"><\/a><\/p>\n<p>Of the Exchange Server 2013, 2016 and 2019 instances known to CERT-Bund, approximately 12,000 were found to be running outdated CUs. Microsoft no longer provides security updates for these outdated cumulative update levels (security updates are only ever provided for the two most recent CUs). These Exchange Server instances are therefore vulnerable to the following Microsoft Exchange Server remote code execution vulnerabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-42321\" target=\"_blank\" rel=\"noopener\">CVE-2021-42321<\/a>: patched November 9, 2021 (see <a href=\"https:\/\/borncity.com\/win\/2021\/11\/10\/exchange-server-november-2021-sicherheitsupdates-schlieen-rce-schwachstelle-cve-2021-423\/\" target=\"_blank\" rel=\"noopener\">Exchange Server November 2021 Security Updates Close RCE Vulnerability CVE-2021-42321<\/a>)<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26427\" target=\"_blank\" rel=\"noopener\">CVE-2021-26427<\/a>: patched October 12, 2021 (see <a href=\"https:\/\/borncity.com\/win\/2021\/10\/13\/sicherheitsupdates-fr-exchange-server-oktober-2021\/\">Security updates for Exchange Server (October 2021)<\/a>)<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34473\" target=\"_blank\" rel=\"noopener\">CVE-2021-34473<\/a>: patched July 13, 2021, ProxyShell vulnerability (see <a href=\"https:\/\/borncity.com\/win\/2021\/08\/10\/exchange-server-neues-zu-den-proxyshell-schwachstellen\/\">Exchange Server: Update on ProxyShell vulnerabilities<\/a>)<\/li>\n<li><a 
href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26855\" target=\"_blank\" rel=\"noopener\">CVE-2021-26855<\/a>: patched March 16, 2021, ProxyShell vulnerability (see <a href=\"https:\/\/borncity.com\/win\/2021\/11\/23\/warnung-proxyshell-squirrelwaffle-und-ein-poc-eploit-patcht-endlich-eure-exchange-server\/\">ProxyShell, Squirrelwaffle and a new PoC Exploit, patch your Exchange Server!<\/a>)<\/li>\n<\/ul>\n<p>The vulnerabilities have long been exploited by attackers. For example, in the blog post <a href=\"https:\/\/borncity.com\/win\/2021\/11\/20\/proxynoshell-mandiant-warnt-vor-neuen-angriffsmethoden-auf-exchange-server-nov-2021\/\">ProxyNoShell: Mandiant warns of new attack methods on Exchange servers (Nov. 2021)<\/a>, I specifically warned about attacks on the ProxyShell vulnerabilities. There are also ransomware groups exploiting the vulnerabilities; see <a href=\"https:\/\/borncity.com\/win\/2021\/11\/06\/babuk-gang-nutzt-proxyshell-schwachstelle-in-exchange-fr-ransomware-angriffe\/\">Babuk gang uses ProxyShell vulnerability in Exchange for ransomware attacks<\/a>. 
<\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2021\/07\/14\/sicherheitsupdates-fr-exchange-server-juli-2021\/\">Security updates for Exchange Server (July 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/06\/29\/kumulative-exchange-updates-juni-2021-verffentlicht\/\">Cumulative Exchange CUs June 2021 released<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/04\/14\/exchange-server-security-update-kb5001779-13-april-2021\/\">Exchange Server Security Update KB5001779 (April 13, 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/exchange-probleme-mit-ecp-nach-sicherheitsupdate-mrz-2021\/\">Exchange issues with ECP\/OWA search after installing security update (March 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/07\/17\/exchange-sicherheitsupdates-von-juli-2021-zerschieen-ecp-und-owa\/\">Exchange security updates from July 2021 breaks ECP and OWA<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/07\/13\/exchange-2016-2019-outlook-probleme-durch-amsi-integration\/\">Exchange 2016\/2019: Outlook problems due to AMSI integration<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/08\/22\/angriffswelle-fast-2-000-exchange-server-ber-proxyshell-gehackt\/\">Wave of attacks, almost 2,000 Exchange servers hacked via ProxyShell<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/08\/29\/exchange-server-2016-2019-benutzerdefinierte-attribute-in-ecp-nach-cu-installation-juli-2021-nicht-mehr-aktualisierbar\/\">Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/08\/30\/exchange-server-authentifizierungs-bypass-mit-proxytoken\/\">Exchange Server: Authentication bypass with ProxyToken<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/08\/08\/exchange-schwachstellen-droht-hafnium-ii\/\">Exchange vulnerabilities: Will we see Hafnium II?<\/a><br \/><a 
href=\"https:\/\/borncity.com\/win\/2021\/07\/13\/exchange-2016-2019-outlook-probleme-durch-amsi-integration\/\">Exchange 2016\/2019: Outlook problems due to AMSI integration<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/09\/27\/exchange-server-september-2021-cu-kommt-zum-28-9-2021-mit-microsoft-exchange-emergency-mitigation-service\/\">Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/09\/29\/exchange-server-september-2021-cu-28-9-2021\/\">Exchange Server September 2021 CU (2021\/09\/28)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/10\/13\/sicherheitsupdates-fr-exchange-server-oktober-2021\/\">Security updates for Exchange Server (October 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/10\/17\/tifanu-cup-2021-exchange-2019-und-iphone-gehackt\/\">Tianfu Cup 2021: Exchange 2019 and iPhone hacked<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/11\/06\/babuk-gang-nutzt-proxyshell-schwachstelle-in-exchange-fr-ransomware-angriffe\/\">Babuk gang uses ProxyShell vulnerability in Exchange for ransomware attacks<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/11\/10\/exchange-server-november-2021-sicherheitsupdates-schlieen-rce-schwachstelle-cve-2021-423\/\">Exchange Server November 2021 Security Updates Close RCE Vulnerability CVE-2021-423<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/11\/13\/bsi-cert-warnung-kompromittierte-exchange-server-werden-fr-e-mail-angriffe-missbraucht-nov-2021\/\">CERT warning: Compromised Exchange servers are misused for email attacks (Nov. 
2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/11\/18\/warnung-cert-bund-usa-gb-vor-angriffen-auf-exchange-und-fortinet\/\">CERT-Federation, USA, GB warns about attacks on Exchange and Fortinet<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/11\/20\/proxynoshell-mandiant-warnt-vor-neuen-angriffsmethoden-auf-exchange-server-nov-2021\/\">ProxyNoShell: Mandiant warns of new attack methods on Exchange servers (Nov. 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/11\/23\/warnung-proxyshell-squirrelwaffle-und-ein-poc-eploit-patcht-endlich-eure-exchange-server\/\">ProxyShell, Squirrelwaffle and a new PoC Exploit, patch your Exchange Server!<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] It seems that many vulnerable Microsoft Exchange servers are being used to play Russian roulette. The German CERT-Bund has issued a warning. They found about 12,000 Exchange Server 2013\/2016\/2019 instances whose OWA is accessible via the Internet and which have at least &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/12\/01\/cert-bund-warnung-30-der-deutschen-exchange-server-mit-offenem-owa-angreifbar\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[869,69],"class_list":["post-22387","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-exchange","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=22387"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22387\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=22387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=22387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=22387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}