Rewterz Threat Advisory – Microsoft Exchange Server Remote Code Execution Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-28480

It is a pre-authentication vulnerability in the Microsoft Exchange Server. The attacker will not require authentication to access the vulnerable exchange server in order to exploit it.  The attacker will be able to execute an arbitrary code on the system. This is done by sending a specially-crafted request.

CVE-2021-28481

Like the CVE-2021-28480, the CVE-2021-28481 is also a pre-authentication vulnerability. The attacker can exploit the vulnerability by performing reconnaissance against the intended target. The next step is to send specially crafted requests to the vulnerable Exchange server. The attacker can exploit the vulnerability to run an arbitrary code on the system.

CVE-2021-28482

It is a post-authentication vulnerability in the Microsoft Exchange Server. Unlike the above two, this vulnerability is only exploitable when the attacker has authenticated to a vulnerable Exchange Server. Once the attacker has authenticated the Exchange server, they will be able to execute arbitrary codes on the system.

CVE-2021-28483

It is a post-authentication vulnerability in the Microsoft Exchange Server. Once the attacker is able to authenticate to a vulnerable Exchange Server, they can run arbitrary codes on the server.

Impact

Remote Code Execution

Affected Vendors

Microsoft

Affected Products

• Microsoft Exchange Server 2013 CU23
• Microsoft Exchange Server 2016 CU19
• MIcosoft Exchange Server 2016 CU20
• Microsoft Exchange Server 2019 CU8
• Microsoft Exchange Server 2019 CU9

Remediation

Select and install the latest Microsoft Automatic Updates with the appropriate patch for your system. Use the Microsoft Security Update Guide to configure and search for the available patches. https://www.microsoft.com/en-us/download/details.aspx?id=103001