Research Lab

Detect Zero-Day Exploits in Microsoft’s Exchange Server

Last week, Microsoft released an important blog that details that details how HAFNIUM, a state-sponsored threat actor operating out of China, exploited Microsoft Exchange Servers with zero-day exploits along with other code execution vulnerabilities in the Sharepoint software.

The detailed list of vulnerabilities that Microsoft customers need to update immediately are:

• CVE-2021-26411 – Internet Explorer Memory Corruption Vulnerability

• CVE-2021-26855 – Microsoft Exchange Server Remote Code Execution Vulnerability

• CVE-2021-26857 – Microsoft Exchange Server Remote Code Execution Vulnerability

• CVE-2021-26877 – Windows DNS Server Remote Code Execution Vulnerability

• CVE-2021-26897 – Windows DNS Server Remote Code Execution Vulnerability

• CVE-2021-27076 – Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft has released a special announcement for the March 2021 Exchange Server updates. In this announcement, Microsoft is requesting all customers to take effective security measures to safeguard their Exchange servers. Details about the important patch and the effective path to update older Exchange servers are available here.  

Microsoft advises that these patches are only intended to be a temporary fix. Customers are still required to update their software to the latest version and apply any relevant security patches to their server. Microsoft recommends updating your software and applying the latest security patches here.  

Important takeaways from Microsoft on this recent development:

• These updated packages contain only fixes for March 2021 CVEs (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065). No other product updates or security fixes are included. Installing these updates does not mean an unsupported cumulative update is now supported.
• Updates are available only through the Microsoft Download Center (not on Microsoft Update).
• Microsoft is producing updates only for some older cumulative updates running Exchange 2016 and 2019.
• If you are running a version of Exchange not covered by these updates, consider either rolling forward to a cumulative update package that has an applicable security update or rolling forward to a supported cumulative update (preferred option). In case you need to go forward with cumulative updates, please see: best practices for the installation of Exchange updates (this applies to all versions of Exchange).

Versa Detects Zero Days with Latest Security Package

Versa customers are protected from these zero-day exploits. As of Security Package 1803, Versa customers can detect all important vulnerabilities discovered in the Microsoft Exchange Server as well as additional detection for other security vulnerabilities in Sharepoint and the DNS server as listed above.

Versa customers looking to activate their Security Package can visit our guidelines here to get detailed instructions on how to download and run the latest in threat detection. Please reach out to your support representative if you have any questions or access our support team here.