Cybersecurity researchers have published a proof-of-concept (PoC) code for an actively exploited high severity vulnerability in Microsoft Exchange servers that Microsoft has already patched in the November 2021 Patch Tuesday.
Successful exploitation of the vulnerability in the popular hosted email server, tracked as CVE-2021-42321, enables authenticated attackers to execute code remotely on Microsoft Exchange Server 2016 and Exchange Server 2019 installations.
Almost two weeks after the release of Microsoft’s patch, a Vietnamese security researcher who goes by the moniker Janggggg, has released a PoC exploit for the bug, which should further incentivize admins to patch their vulnerable installations.
"This PoC [will] just pop mspaint.exe on the target, [and] can be use[d] to recognize the signature pattern of a successful attack event," tweeted the researcher while sharing the PoC.
Functional PoC
Reporting on the development, BleepingComputer shares that admins can use the Exchange Server Health Checker script to generate a list of all vulnerable Exchange servers in their network that need to be patched against CVE-2021-42321.
According to Microsoft, the security flaw is caused by improper validation of cmdlet arguments, and comes on the heels of two major malicious Exchange-centric campaigns, which have targeted different, but related vulnerabilities known as ProxyLogon and ProxyShell.
Although the issues have all been patched, the new PoC has once again created an opportunity for threat actors to go after unpatched servers.
While the researcher did wait for a couple of weeks after the release of the patch to unleash the PoC in a bid to help security researchers understand the flaw, its release should serve as a reminder for lethargic admins to patch their on-premise Exchange servers without further delay.
Ensure your systems remain secure and updated using one of these best patch management tools
