Written by nGuard / March 19, 2021

Critical Exchange Zero-Day

Summary
This month, Microsoft released security patches for multiple zero-day vulnerabilities exploited against on-premises Exchange servers. CVE-2021-26855 allows an attacker to bypass authentication and impersonate users. Beyond compromising email accounts, an attacker can use it to install malware for persistent access or to deploy ransomware. Microsoft has labeled this a critical vulnerability that must be patched immediately.

As of this week, full proof-of-concept exploits are appearing online, which puts exploitation within reach of malicious actors with little to no technical expertise. The video below shows just how easy it is to gain a high-privilege shell with the public proof-of-concept code. It is estimated that nearly 80,000 Exchange servers exposed to the internet are still vulnerable to this exploit. If your organization runs Microsoft's on-premises Exchange service, it is essential to patch it right away to avoid compromise.

What to do?
Microsoft has released the Exchange On-premises Mitigation Tool (EOMT) to address CVE-2021-26855; it is the most effective way to protect and mitigate Exchange servers prior to patching. To check whether your Exchange servers are vulnerable, use this handy script from Microsoft, formerly known as the HAFNIUM script. The United States CISA recommends that all organizations use this script to determine whether their Exchange servers have been compromised. Stay updated with alerts from US-CERT.
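As an added illustration (not nGuard's or Microsoft's code), here is a minimal Python triage of the indicator Microsoft published for CVE-2021-26855 in Exchange HttpProxy logs: an empty AuthenticatedUser together with an AnchorMailbox matching `ServerInfo~*/*`. The log lines, host names and addresses are constructed, and the column set is reduced to the fields the check reads.

```python
import csv
import fnmatch
import io

# Constructed sample in the shape of an Exchange HttpProxy log. Assumption:
# the first line is the CSV header; real logs carry many more columns.
SAMPLE_LOG = """DateTime,AuthenticatedUser,AnchorMailbox,UrlStem,ClientIpAddress
2021-03-03T10:15:02.000Z,CONTOSO\\alice,Sid~S-1-5-21-1111-2222-3333-1105,/owa/,192.0.2.10
2021-03-03T10:16:40.000Z,,ServerInfo~exch01.contoso.example/ecp/placeholder.js,/ecp/placeholder.js,203.0.113.7
2021-03-03T10:17:05.000Z,,,/owa/auth/logon.aspx,192.0.2.11
#Software: Microsoft Exchange Server
2021-03-03T10:18:11.000Z,CONTOSO\\bob,ServerInfo~exch01.contoso.example/ecp/proxy,/ecp/,192.0.2.12
"""


def find_suspect_requests(log_text):
    """Return rows with no authenticated user and a ServerInfo~*/* AnchorMailbox."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        # Metadata lines ("#Software: ...") parse as short rows; skip them.
        if (row.get("DateTime") or "").startswith("#"):
            continue
        user = (row.get("AuthenticatedUser") or "").strip()
        anchor = (row.get("AnchorMailbox") or "").strip()
        # Both conditions must hold; compare case-insensitively.
        if user == "" and fnmatch.fnmatchcase(anchor.lower(), "serverinfo~*/*"):
            hits.append(row)
    return hits


if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit["DateTime"], hit["ClientIpAddress"], hit["AnchorMailbox"])
```

A match is a lead for investigation rather than proof of compromise; follow it up with Microsoft's script and the rest of the server's logs.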

Filed Under: Advisory, Breach, General, Vulnerabilities & Exploits
