Cyber Risks - users were still running vulnerable versions of Exchange Server posing a Cybersecurity threat by not updating to patched versions..

A Simple Guide to the Microsoft Exchange 0-day Vulnerabilities

Earlier in March Microsoft disclosed several 0-day vulnerabilities within Microsoft Exchange that were actively being exploited by hacking groups. We now have more details about the versions affected and what patches are available for them.

Before we go further if you’re not running an on-prem version of Microsoft Exchange then you can probably stop reading now unless you’re interested to learn patch recommendations.

The Timeline

This is a simplified timeline from a very detailed write-up by KrebsonSecurity that we encourage you to read.

January 2021 – Several groups report findings to Microsoft detailing remote code execution vulnerabilities in Microsoft Exchange which is later confirmed by Microsoft.

Late February 2021 – Attackers begin mass scanning for Exchange servers that are vulnerable and compromising them.

March 2nd, 2021 – Microsoft releases patches for the four 0-day vulnerabilities.

March 5th-7th, 2021KrebsonSecurity estimates that 30,000 organizations in the US are compromised by this which is later confirmed by Wired.com.

March 12th – Microsoft still estimates there are at least 80,000 unpatched Exchange Servers worldwide.

The fallout from these vulnerabilities is deeply concerning and still unknown. PC Matic is confident that it’s customer will remain unharmed with SuperShield running and preventing all unknown payloads that could be brought through the vulnerability of a compromised device.

What Versions Are Affected?

Microsoft has released guidance that the following versions of Exchange are affected.

  • Exchange 2019
  • Exchange 2016
  • Exchange 2013
  • Exchange 2010

Exchange 2003 and 2007 are not believed to be affected at this time and thus have no patches to apply for this vulnerability.

If you are running one of the versions listed above (2019,2016,2013,2010) you must patch that server as soon as possible. Microsoft has laid out several options for patching that range from a move to the latest CU or applying only the security fixes for this set of 0-days to your current CU. If you’re running Exchange 2010 SP3, you can install this update to patch your servers for the March 2021 incident.

Exchange update paths from Microsoft. (source)

If you cannot currently bring your Exchange server up to the latest CU, visit the Microsoft Download Center section of this page, and find your current Exchange version and CU. You can then download the new release version of that CU and apply the security fixes for what is now known as the March 2021 incident.

Examples of links in the Microsoft Download Center section.

What’s next?

Applying the patches from Microsoft is only step 1. It’s important to still look for signs of compromise on any of your exchange servers. There are several write-ups with full details on the attack like this technical article from Microsoft. There you’ll find the attack chain, how you can look for signs of compromise, known hashes associated to compromise, and more.

Again, PC Matic is confident that its customers running SuperShield on Exchange servers will remain secure from any attempts by attackers to deliver payloads to a compromised Exchange Server.

 2,099 total views,  2 views today

(Visited 1 times, 1 visits today)

4 thoughts on “A Simple Guide to the Microsoft Exchange 0-day Vulnerabilities”

  1. Google Chrome is asking me to download Norton Antivirus because my computer is getting suspicious programs, and yes porn is poping up but I have PC Matic

  2. I don’t understand what all this means so I thought PC Matic automatically ran security to protect my computer..Please let me know if I should be doing something else to protect my computer..I don’t totally understand this email..
    thank you, Kathleen Lucas

  3. Solid information here for those that may be concerned about system vulnerabilities. When it comes to these, there’s no such thing as being too careful.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.