Skip to main content

Patch your Microsoft Exchange deployments now, users warned

email marketing
(Image credit: Sendinblue)

Cybersecurity researchers have published a proof-of-concept (PoC) code for an actively exploited high severity vulnerability in Microsoft Exchange servers that Microsoft has already patched in the November 2021 Patch Tuesday.

Successful exploitation of the vulnerability in the popular hosted email server, tracked as CVE-2021-42321, enables authenticated attackers to execute code remotely on Microsoft Exchange Server 2016 and Exchange Server 2019 installations. 

Almost two weeks after the release of Microsoft’s patch, a Vietnamese security researcher who goes by the moniker Janggggg, has released a PoC exploit for the bug, which should further incentivize admins to patch their vulnerable installations. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

"This PoC [will] just pop mspaint.exe on the target, [and] can be use[d] to recognize the signature pattern of a successful attack event," tweeted the researcher while sharing the PoC.

Functional PoC

Reporting on the development, BleepingComputer shares that admins can use the Exchange Server Health Checker script to generate a list of all vulnerable Exchange servers in their network that need to be patched against CVE-2021-42321.

According to Microsoft, the security flaw is caused by improper validation of cmdlet arguments, and comes on the heels of two major malicious Exchange-centric campaigns, which have targeted different, but related vulnerabilities known as ProxyLogon and ProxyShell.

Although the issues have all been patched, the new PoC has once again created an opportunity for threat actors to go after unpatched servers. 

While the researcher did wait for a couple of weeks after the release of the patch to unleash the PoC in a bid to help security researchers understand the flaw, its release should serve as a reminder for lethargic admins to patch their on-premise Exchange servers without further delay. 

Ensure your systems remain secure and updated using one of these best patch management tools

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.