Microsoft has issued an urgent security update to patch a high severity vulnerability that affects multiple editions of their popular hosted email server Microsoft Exchange, and could be exploited to remotely execute code on vulnerable servers.
According to Microsoft, the security flaw, tracked as CVE-2021-42321, is caused by improper validation of cmdlet arguments.
“We are aware of limited targeted attacks in the wild using one of [the] vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment,” shares Microsoft.
It goes on to add that the bug only impacts on-premise Microsoft Exchange servers, including those used by customers in Exchange Hybrid mode. Users of the Exchange Online service are already protected against exploitation attempts, and can safely ignore the advisory.
Patch immediately
Reporting on the development, BleepingComputer notes that Microsoft Exchange has been at the receiving end of two major campaigns, which have targeted different, but related vulnerabilities known as ProxyLogon and ProxyShell.
ProxyLogon was first exploited by state-sponsored threat actors back in March to deploy cryptominers, ransomware, and other malware. Then in August, attackers once again were quick to capitalize after security researchers managed to demonstrate a working exploit that consisted of three chained vulnerabilities in Exchange collectively referred to as ProxyShell.
Both issues have since been addressed, but the new vulnerability has once again given threat actors an opportunity to remotely attack unpatched servers, which would explain the urgency in Microsoft’s appeal to get admins to update their vulnerable installations without delay.
Shield your network against malicious traffic with the help of these best firewall apps and services
