top of page

Address Vulnerabilities from the Microsoft Exchange 2021 Exploits

Updated: Apr 20, 2021

Last week, Microsoft released an advisory surrounding four vulnerabilities being actively exploited within on-premises Microsoft Exchange servers. These vulnerabilities, tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 could permit a remote, unauthenticated attacker to execute code.

If your organization or institution has an Internet-accessible Microsoft Exchange server (on-premise only), it is recommended to:

  1. Update Microsoft Exchange to the latest version as of March 2, 2021.

  2. Identify Indicators of Compromise (IOC) provided by Microsoft as an efficient method to detect whether exploitation occured.

  3. Remove web shells which may be accessible from the Internet.

  4. Monitor and validate the security and confidentiality of Microsoft Exchange.

Cymonix has responded to numerous security incident involving this specific exploit, and in most cases, did not identify significant impacts. Specifically, most organizations and institutions, unless specifically targeted by actors, are typically observed having indicators such as web shells present, but no manual interaction with the impacted asset.

For more information surrounding this vulnerability, including scripts which can be executed, Indicators of Compromise (IOC), and context, see the following resources:

  • Microsoft’s Advisory and Security Blog Post

  • Microsoft’s Patch Release

  • (CISA) Cybersecurity & Infrastructure Security Agency – Alert AA21-062A

If you believe you have experienced a security incident, call our incident response hotline immediately: 860-785-0614

Cymonix line of solutions can proactively address threats to your environment as your trusted long-term cybersecurity partner. A risk assessment can proactively identify and respond to a security incident such as this and can determine if threats are present.

Contact Us

7 views0 comments

Recent Posts

See All

Cybersecurity attacks are on the rise, especially since the onset of the COVID-19 pandemic. Cybercriminals are attacking all businesses, including critical infrastructure and members of the global sup

Microsoft warns about the recently patched Windows MSHTML remote code execution vulnerability tracked (CVE-2021-40444) that has been under active exploitation by multiple threat actors including ranso

The fourth industrial revolution, dubbed Industry 4.0, introduces the use of Cyber Physical Systems (CPSs) in production processes, where the industrial internet of things (IIoT), machine learning, an

bottom of page