Substantial OnPremise Exchange Vulnerabilities announced yesterday Patch Immediately
-
AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065
-
The below PowerShell should pull logs from your Exchange server to see if you've been compromised.
Import-Csv -Path (Get-ChildItem -Recurse -Path "$env:PROGRAMFILES\Microsoft\Exchange Server\V15\Logging\HttpProxy" -Filter '*.log').FullName | Where-Object { $_.AuthenticatedUser -eq '' -and $_.AnchorMailbox -like 'ServerInfo~*/*' } | select DateTime, AnchorMailbox
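The same check as the one-liner above, as an added example that is not part of the original post: it reads each log on its own, so a missing folder or an unreadable file produces a warning instead of stopping the scan, and it tags each hit with the file it came from. `Find-SuspectProxyEntry`, the `LogFile` column and the sample log are assumptions made for illustration.

```powershell
# Added example, not from the original post. Same filter as the one-liner,
# applied per file so one bad log does not abort the whole scan.
function Find-SuspectProxyEntry {
    param(
        [Parameter(Mandatory)]
        [string]$LogRoot   # folder holding HttpProxy *.log files
    )

    if (-not (Test-Path -LiteralPath $LogRoot)) {
        Write-Warning "Log folder not found: $LogRoot"
        return
    }

    Get-ChildItem -LiteralPath $LogRoot -Recurse -Filter '*.log' -File |
        ForEach-Object {
            $file = $_.FullName
            try {
                Import-Csv -LiteralPath $file -ErrorAction Stop |
                    Where-Object {
                        # Unauthenticated request with a ServerInfo~ anchor mailbox
                        $_.AuthenticatedUser -eq '' -and
                        $_.AnchorMailbox -like 'ServerInfo~*/*'
                    } |
                    Select-Object DateTime, AnchorMailbox,
                        @{ Name = 'LogFile'; Expression = { $file } }
            }
            catch {
                Write-Warning "Skipped $file : $($_.Exception.Message)"
            }
        }
}

# Constructed sample log (three columns only; real logs carry many more).
# The second data row is built to match the filter, the other two are not.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'httpproxy-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@'
DateTime,AuthenticatedUser,AnchorMailbox
2021-03-03T10:00:00.000Z,CONTOSO\alice,Sid~S-1-5-21-1111
2021-03-03T10:00:05.000Z,,ServerInfo~host.example/placeholder
2021-03-03T10:00:09.000Z,,Smtp:bob@example.com
'@ | Set-Content -LiteralPath (Join-Path $demo 'sample.log')

Find-SuspectProxyEntry -LogRoot $demo
```

On an Exchange server, point `-LogRoot` at the same HttpProxy logging folder the one-liner uses.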
-
That looks like it's only applicable if you're not using trusted certificates. There's always a man in the middle risk this way.
-
@DustinB3403 Yeah, Exchange 2013 and over. You have to also be on the last 2 Cumulative Updates from Exchange 2013, 2016 or 2019. For 2019 you can only get the updates through Microsoft Volume Licensing.
-
@dbeato said in Substantial OnPremise Exchange Vulnerabilities announced yesterday Patch Immediately:
@DustinB3403 Yeah, Exchange 2013 and over. You have to also be on the last 2 Cumulative Updates from Exchange 2013, 2016 or 2019. For 2019 you can only get the updates through Microsoft Volume Licensing.
Yeah, a customer attempted an update from 2016 CU15.1 to CU19. It errored out on the last step; they restored (bad move) and had some mail flow issues for a bit.
But they are back online now.