This month's Patch Tuesday disclosed a new critical remote code execution vulnerability in on-premises Microsoft Exchange servers. Successful exploitation could allow an actor to execute code with elevated privileges on the affected system. This can facilitate the deployment of malware that maintains access to the compromised system, even after the system has been patched.
Microsoft Exchange Online is not known to be affected by these vulnerabilities. While there is no information available indicating that these vulnerabilities have been exploited, Securecom is aware of multiple actors exploiting previously identified Exchange vulnerabilities (HAFNIUM) that Microsoft patched in March 2021.
CVE-2021-28480 carries a staggering CVSS (Common Vulnerability Scoring System) score of 9.8, and it is advised that you patch your Microsoft Exchange 2013, 2016 and 2019 servers as soon as possible (read: immediately).
Securecom immediately stood up a rapid response team. We alerted all of our customers running on-premises Microsoft Exchange servers to the possible threat and initiated a remediation plan.
If you need any assistance with remediating this vulnerability, please reach out to us. More information can be found on Microsoft's Security Update Guide page.