
Microsoft urges Exchange admins to patch their on-prem servers now


Microsoft has issued an urgent security update to patch a high-severity vulnerability that affects multiple editions of its popular hosted email server, Microsoft Exchange, and that could be exploited to remotely execute code on vulnerable servers.

According to Microsoft, the security flaw, tracked as CVE-2021-42321, is caused by improper validation of cmdlet arguments.

“We are aware of limited targeted attacks in the wild using one of [the] vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment,” shares Microsoft.


Microsoft goes on to add that the bug only impacts on-premises Microsoft Exchange servers, including those used by customers in Exchange Hybrid mode. Users of the Exchange Online service are already protected against exploitation attempts, and can safely ignore the advisory.

Patch immediately

Reporting on the development, BleepingComputer notes that Microsoft Exchange has been at the receiving end of two major campaigns, which have targeted different but related vulnerabilities known as ProxyLogon and ProxyShell.

ProxyLogon was first exploited by state-sponsored threat actors back in March to deploy cryptominers, ransomware, and other malware. Then in August, attackers once again were quick to capitalize after security researchers managed to demonstrate a working exploit that consisted of three chained vulnerabilities in Exchange collectively referred to as ProxyShell.

Both issues have since been addressed, but the new vulnerability has once again given threat actors an opportunity to remotely attack unpatched servers, which would explain the urgency in Microsoft’s appeal to get admins to update their vulnerable installations without delay.


Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.