Rewterz Threat Advisory – CVE-2021-43557 – Apache APISIX Directory Vulnerability
November 23, 2021
Rewterz Threat Advisory – Multiple Microsoft Edge Vulnerabilities
November 23, 2021
Severity
High
Analysis Summary
Limited targeted attacks are being carried out using a post-authentication vulnerability in Microsoft Exchange 2016 and 2019, tracked as CVE-2021-42321. Threat actors are targeting unpatched environments, and Microsoft is urging Exchange admins to patch the bug, which is being exploited in the wild. Exchange admins can list all Exchange servers in their environment that need updating by using the latest version of the Exchange Server Health Checker script.
Exchange admins can also check their Exchange servers for CVE-2021-42321 exploitation attempts by running this PowerShell query on each Exchange server, which looks for specific events in the Event Log:
Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }
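The query above checks one server at a time. As an added example (not part of the original advisory), the script below applies the same filter to a list of servers and writes the results to a CSV file. The host names, output path and variable names are assumptions, and querying remotely with Get-EventLog requires network access to each server's event log.

```powershell
# Added example, not from the advisory. Server names below are placeholders.
param(
    [string[]]$Servers = @('EXCH01', 'EXCH02'),   # hypothetical host names
    [string]$OutFile   = '.\CVE-2021-42321-eventlog-hits.csv'
)

$rows = foreach ($server in $Servers) {
    try {
        # Same filter as the advisory's query, pointed at a remote server.
        $hits = @(Get-EventLog -ComputerName $server -LogName Application `
                      -Source 'MSExchange Common' -EntryType Error -ErrorAction Stop |
                  Where-Object { $_.Message -like '*BinaryFormatter.Deserialize*' })

        if ($hits.Count -eq 0) {
            [pscustomobject]@{ Server = $server; Status = 'NoHits'
                               TimeGenerated = $null; EventID = $null; Excerpt = $null }
        }
        foreach ($e in $hits) {
            # Keep a short single-line excerpt; the full message stays in the event log.
            $text = $e.Message -replace '\s+', ' '
            [pscustomobject]@{
                Server        = $server
                Status        = 'Hit'
                TimeGenerated = $e.TimeGenerated
                EventID       = $e.EventID
                Excerpt       = $text.Substring(0, [Math]::Min(200, $text.Length))
            }
        }
    }
    catch {
        # Get-EventLog raises an error when the server cannot be queried and also
        # when the filter returns no entries; record the text so they can be told apart.
        [pscustomobject]@{ Server = $server; Status = "QueryError: $($_.Exception.Message)"
                           TimeGenerated = $null; EventID = $null; Excerpt = $null }
    }
}

# One CSV for triage, plus a per-server count on screen.
$rows | Sort-Object Server, TimeGenerated | Export-Csv -Path $OutFile -NoTypeInformation
$rows | Group-Object Server, Status | Select-Object Count, Name | Format-Table -AutoSize
```

Rows with Status `Hit` are the events to review first; a `QueryError` row means that server still needs to be checked locally with the query above.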
CVE-2021-42321
Microsoft Exchange Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Remote Code Execution
Affected Vendors
Microsoft
Affected Products
- Microsoft Exchange Server 2016 CU21
- Microsoft Exchange Server 2019 CU10
- Microsoft Exchange Server 2016 CU22
- Microsoft Exchange Server 2019 CU11
Remediation
It is advised to keep Exchange servers up to date with the latest security patches.
Updates for CVE-2021-42321 can be found below.