Microsoft urges Exchange Admins to urgently patch their on-prem servers


Microsoft has released urgent security fixes for Exchange Server 2013, 2016 and 2019 to address a remote code execution vulnerability which is being actively exploited in the wild.

The November 2021 security updates for Exchange Server fix vulnerabilities that seem to have been presented at Tianfu, the Chinese Pwn2Own contest, as well as ones found through internal research by Microsoft.

The flaw is a post-authentication vulnerability in Exchange 2016 and 2019, and Microsoft says it is aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321). It recommends that admins install the updates immediately to protect their environment.

The vulnerabilities affect on-premises Microsoft Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action.

To check whether you have already been infected, run the following PowerShell query on your Exchange server to look for specific events in the Event Log:

Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }
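
The same check run across several servers, as an added example that is not part of the original article: the function name and host names are hypothetical, and it assumes Windows PowerShell (where Get-EventLog is available) and the English "No matches found" error text. It separates a server with no matching events from one where the query itself failed, which the one-line query does not show.

```powershell
# Added example: sweep several Exchange servers with the event-log check above.
function Test-ExchangeDeserializationEvents {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    foreach ($server in $ComputerName) {
        try {
            # Same filter as the query in the article, run against a remote host.
            $hits = @(Get-EventLog -ComputerName $server -LogName Application `
                        -Source 'MSExchange Common' -EntryType Error -ErrorAction Stop |
                      Where-Object { $_.Message -like '*BinaryFormatter.Deserialize*' })
            $status = if ($hits.Count -gt 0) { 'MatchesFound' } else { 'NoMatches' }
        }
        catch {
            $hits = @()
            # Get-EventLog raises an error when no entry matches -Source/-EntryType.
            # Assumption: English error text. Anything else is a failed query,
            # which must not be read as a clean result.
            $status = if ($_.Exception.Message -like '*No matches found*') {
                'NoMatches'
            } else {
                "QueryFailed: $($_.Exception.Message)"
            }
        }

        # Oldest and newest matching entries give the time window to investigate.
        $sorted = @($hits | Sort-Object TimeGenerated)
        [pscustomobject]@{
            Server = $server
            Status = $status
            Hits   = $sorted.Count
            First  = if ($sorted.Count -gt 0) { $sorted[0].TimeGenerated }
            Last   = if ($sorted.Count -gt 0) { $sorted[-1].TimeGenerated }
        }
    }
}

# Constructed placeholder host names; replace with your own Exchange servers.
$servers = 'EXCH01', 'EXCH02'
Test-ExchangeDeserializationEvents -ComputerName $servers | Format-Table -AutoSize
```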

More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family).

via BleepingComputer
