Critical vulnerabilities in the Exchange Email Server

Microsoft recently announced critical vulnerabilities in the Exchange Email Server product.

Exploits of these vulnerabilities can result in full compromise of an Exchange Server and/or unauthorized access of Exchange mailboxes. It is critical that companies act with all speed and due care in remediating this issue within their own environment and their supply chain.

To assist in identifying and triaging this issue within your vendor population, XeneX provides expert resources for forensic analysis, remediation and patching. XeneX utilizes the latest AI technology to identify if an environment is compromised and the remediation.

The individual Microsoft Exchange versions related to these vulnerabilities include:

• OWA - Exchange Server 2010 SP3 (All updates)

• OWA - Exchange Server 2013 CU23

• OWA - Exchange Server 2016 CU18

• OWA - Exchange Server 2016 CU19

• OWA - Exchange Server 2019 CU7

• OWA - Exchange Server 2019 CU8

In addition to the resources provided by XeneX, we also recommend customers utilize the detection and remediation tools provided by Microsoft and US-CERT:

Patches available through Microsoft:

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

Mitigations and Forensic indicators for Exchange Server:

https://us-cert.cisa.gov/ncas/alerts/aa21-062a

Microsoft Tool to Scan for IOC’s:

https://us-cert.cisa.gov/ncas/current-activity/2021/03/06/microsoft-ioc-detection-tool-exchange-server-vulnerabilities

Please reach out to us with any questions you may have regarding this vulnerability.