Proof-of-concept exploit code was released over the weekend, which is a concern for businesses heading into the holiday.
The vulnerability, tracked as CVE-2021-42321, affects on-premises Exchange Server 2016 and Exchange Server 2019 and was addressed by Microsoft in its Patch Tuesday release. Threat actors can exploit this vulnerability to execute code remotely on affected Exchange Servers.
Microsoft issued a statement indicating awareness of exploitation taking place via this vulnerability: “We are aware of limited targeted attacks in the wild using one of the vulnerabilities, which is a post-authentication vulnerability in Exchange 2016 and 2019.”
SpearTip’s engineers recommend patching any potentially affected servers immediately. Over the past year, Exchange Servers have remained a heavy target for threat actors looking to infiltrate organizations. Threat actors are already attempting to scan for vulnerable systems to deploy web shells, cryptominers, ransomware, and other forms of malware. SpearTip broke the news of the Microsoft Exchange Server exploitation back in March and, on further investigation, found that ransomware had been deployed on the servers. While the current flaw, CVE-2021-42321, differs from those exploited in March, the continued exploitation of Exchange Server weaknesses highlights the need for organizations to enhance their security posture.
With cybercriminals continuously targeting Microsoft Exchange Servers and proof-of-concept exploit code available for vulnerabilities like this one, it’s important for companies to stay aware of the latest threat landscape and eliminate vulnerabilities by applying updated security patches to prevent further exploitation. At SpearTip, our certified engineers work 24/7 at our Security Operations Centers, monitoring your networks for potential exploitation by hackers. The ShadowSpear platform, our endpoint detection and response tool, integrates with cloud, network, and endpoint devices and has the technical capabilities to defend your environment from unknown vulnerabilities, including those exploited on Microsoft Exchange Servers.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.