On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021


On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by applying the patches immediately to affected systems.

The vulnerabilities affect Exchange Server versions 2013, 2016, and 2019, while Exchange Server 2010 is also being updated for defense-in-depth purposes. Exchange Online is not affected.

These vulnerabilities are being exploited as part of an attack chain. The initial attack requires the ability to make an untrusted connection to the Exchange server, but other portions of the attack can be triggered if the attacker already has access or gets access through other means. This means that mitigations such as restricting untrusted connections or setting up a VPN protect only against the initial portion of the attack: they change the attack surface or partially mitigate, and patching is the only way to mitigate completely.

Since these patches were released, we have published several articles and blog posts to help customers understand these vulnerabilities and their exploitation patterns, and we have shared detailed guidance on how the malicious actors are exploiting these vulnerabilities and targeting customers. We are aware that there is a lot of detail to understand and are adding this summary of Microsoft’s guidance for security incident responders and Exchange administrators on what steps to take to secure their Exchange environments.

Organizations should review and digest the entirety of this guidance before taking action, as the specific order of actions taken to achieve the response objectives is situational and depends on the outcomes of the investigation.

Executive Summary and Background Information

Microsoft continues to investigate the extent of the recent Exchange Server on-premises attacks. Our goal is to provide the latest threat intelligence, Indicators of Compromise (IOCs), and guidance across our products and solutions to help the community respond, harden infrastructure, and begin to recover from this unprecedented attack. As new information becomes available, we will make updates to this article at https://aka.ms/ExchangeVulns

  • March 25, 2021 - Analyzing attacks taking advantage of the Exchange Server vulnerabilities

  • March 25, 2021 - Web Shell Threat Hunting with Azure Sentinel

  • March 18, 2021 - Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

  • March 16, 2021 - Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

  • March 15, 2021 - One-Click Microsoft Exchange On-premises Mitigation Tool

  • March 8, 2021 - March 8 Exchange Team Blog

  • March 5, 2021 - Microsoft Exchange Server Vulnerabilities Mitigations

  • March 2, 2021 - Microsoft Security Blog: Hafnium Targeting Exchange

  • March 2, 2021 - Microsoft on the Issues

  • March 2, 2021 - Exchange Team Blog

  • CVE-2021-26855

  • CVE-2021-26857

  • CVE-2021-26858

  • CVE-2021-27065

  • Not related to known attacks

    • CVE-2021-26412
    • CVE-2021-26854
    • CVE-2021-27078

Overview of the Attack and Exploitation

Microsoft originally followed the adversary group HAFNIUM launching targeted attacks against specific organizations. Recently other adversary groups have started targeting these vulnerabilities, and we expect that these attacks will continue to increase as attackers investigate and automate exploitation of these vulnerabilities. Not all these footholds are being utilized immediately, and some were likely put in place for future exploitation. A detailed overview is available here: HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security

While some adversary groups are installing web shells as broadly as possible for future use, some are also conducting further operations on compromised servers and attempting to move laterally into organizations’ environments to establish deeper persistence. This document provides instructions to remediate web shells and determine the initial ingress of an adversary.

Organizations that have detected or suspect more advanced post exploitation activities, such as credential dumps, lateral movement, and installation of further malware/ransomware, should consider enlisting the services of cybersecurity response professionals. Investigating and remediating post-exploitation across an IT environment is beyond the scope of this blog, but we want organizations to understand where we recommend they begin their investigations based on the patterns of behavior we’ve seen associated with exploitation of these vulnerabilities.

Recommended Response Steps

Successful response requires being able to communicate without the attacker eavesdropping on your communications. Until you have achieved assurance of the privacy of your communications on your current infrastructure, use completely isolated identities and communication resources to coordinate your response and discuss topics that could potentially tip off the attacker to your investigation.

Successful response should consist of the following steps:

  1. Deploy updates to affected Exchange Servers.

  2. Investigate for exploitation or indicators of persistence.

  3. Remediate any identified exploitation or persistence and investigate your environment for indicators of lateral movement or further compromise.

Microsoft recommends that you update and investigate in parallel, but if you must prioritize one, prioritize updating and mitigation of the vulnerability.

It is imperative that you update or mitigate your affected Exchange deployments immediately. These vulnerabilities are being actively exploited by multiple adversary groups. For the highest assurance, block access to vulnerable Exchange servers from untrusted networks until your Exchange servers are patched or mitigated. If you have not yet patched, and have not applied the mitigations referenced below, a one-click tool, the Exchange On-premises Mitigation Tool, is now our recommended path to mitigate until you can patch.

If you are an experienced IT professional or incident responder, review our Guidance for Responders post for more detailed recommendations that will be continually updated when Microsoft has new information about responding to these attacks.

Deploy updates to affected Exchange Servers

If you do not have an inventory of servers in your environments that run Exchange, you can use the nmap script Microsoft has provided to scan your networks for vulnerable Exchange deployments. For the Exchange servers in your environment, immediately apply updates for the version of Exchange you are running. While these Security Updates do not apply to Exchange Online / Office 365, if you are in Hybrid mode you need to apply them to your on-premises Exchange Server, even if it is used for management purposes only. You do not need to re-run the Hybrid Configuration Wizard (HCW) if you are using it. The high-level summary of our patching guidance is:

  • Exchange Online is not affected.

  • Exchange 2003 and 2007 are no longer supported but are not believed to be affected by the March 2021 vulnerabilities. You must upgrade to a supported version of Exchange to ensure that you are able to secure your deployment against vulnerabilities fixed in current versions of Microsoft Exchange and future fixes for security issues.

  • Exchange 2010 is only impacted by CVE-2021-26857, which is not the first step in the attack chain. Organizations should apply the update and then follow the guidance below to investigate for potential exploitation and persistence.

  • Exchange 2013, 2016, and 2019 are impacted. Immediately deploy the updates or apply mitigations described below. For help identifying which updates you need to get from your current CU version to a version with the latest security patches, follow this guidance: Released: March 2021 Exchange Server Security Updates - Microsoft Tech Community. You can use the linked Health Checker script here to help you identify exactly which CUs are needed for your deployment. Microsoft has also released additional Security Updates for select older Exchange CUs to accelerate their path to a patched state for these vulnerabilities.

Mitigations: If for some reason you cannot update your Exchange servers immediately, we have released instructions for how to mitigate these vulnerabilities through reconfiguration. We recognize that applying the latest patches to Exchange servers may take time and planning, especially if organizations are not on recent versions and/or associated cumulative and security patches. We recommend prioritizing installing the patches on Exchange Servers that are externally facing first, but all affected Exchange Servers should be updated urgently. The Mitigations suggested are not substitutes for installing the updates and will impact some Exchange functionality while in place. Detailed guidance on applying the alternate mitigations is provided here: Microsoft Exchange Server Vulnerabilities Mitigations – March 2021.

Applying the update or the alternative mitigation techniques will not evict an adversary who has already compromised your environment. The remainder of this document shares guidance to help you determine whether your Exchange servers were exploited before mitigating the issue and how to remediate some types of attacks.

Investigate for exploitation, persistence, or evidence of lateral movement

In addition to protecting your Exchange servers from exploitation, you should assess to ensure that the vulnerabilities were not exploited before you got them to a protected state.

  1. Analyze the Exchange product logs for evidence of exploitation. Microsoft released detailed steps here including scripts to help automate: Scan Exchange log files for indicators of compromise. If you choose to use the script provided, you will have an option to scan some or all of your Exchange servers at the same time.

  2. Scan for known web shells. The Microsoft Defender team has included security intelligence for known malware related to these vulnerabilities in the latest version of the Microsoft Safety Scanner. Run this Safety Scanner on every Exchange server in your environment. If you need assistance, detailed guidance can be found here: CSS-Exchange/Defender-MSERT-Guidance.md at main · microsoft/CSS-Exchange · GitHub

For Microsoft Defender and Microsoft Defender for Endpoint customers, please make sure you are on the latest security intelligence patch: Latest security intelligence patches for Microsoft Defender Antivirus and other Microsoft antimalware - Microsoft Security Intelligence

  3. Use the Microsoft IOC feed for newly observed indicators. To aid defenders in investigating these attacks where Microsoft security products and tooling may not be deployed, we are releasing a feed of observed indicators of compromise (IOCs). The feed of malware hashes and known malicious file paths observed in related attacks is available in both JSON and CSV formats at the below GitHub links. This information is being shared as TLP:WHITE (free for all to use):

     • CSV format
     • JSON format

  4. Leverage other organizational security capabilities in addition to these tools. The tools above make the threat intelligence that Microsoft has been accumulating related to exploitation of these vulnerabilities available to all organizations. Your organization may also have its own security controls, and we recommend that you increase your vigilance on signals from Exchange servers in your current security controls too.

Remediate any identified exploitation or persistence

If you find any evidence of exploitation (e.g., in Exchange application logs), ensure you are retaining the logs, and use the details such as timestamps and source IPs to drive further investigation.

If you find known bad files using your endpoint security solution, the Microsoft IOC feed, or the Microsoft Safety Scanner, take the following actions:

  1. Remediate and quarantine them for further investigation unless they are expected customizations in your environment.

  2. Search your IIS logs to identify whether or not the files identified as malicious have been accessed.

  3. Consider submitting suspected malicious files to Microsoft for analysis following this guidance: Submit files for analysis by Microsoft - Windows security | Microsoft Docs and include the string “ExchangeMarchCVE” in the Additional Information text box of the submission form.
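One way to carry out step 2 on collected IIS logs, shown as an added example (not Microsoft's tooling and not code from the original post): it parses W3C-format IIS logs, matches requests against files already flagged, and summarizes the timestamps and source IPs to drive further investigation. The file names, log lines, and the 10.0.0.0/8 internal range are constructed assumptions.

```python
"""Search IIS W3C logs for requests to files already flagged as malicious."""
import ipaddress
from collections import defaultdict
from pathlib import PureWindowsPath
from urllib.parse import unquote

# Assumption: address ranges this organization treats as internal.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample: files flagged by a scanner or IOC match (not real IOCs).
FLAGGED_FILES = [
    r"C:\inetpub\wwwroot\aspnet_client\flagged_example.aspx",
    r"C:\inetpub\wwwroot\aspnet_client\never_requested.aspx",
]

# Constructed sample IIS log in W3C extended format (IIS logs times in UTC).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-03-03 04:11:09 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 10.0.4.20 Mozilla/5.0 200
2021-03-03 04:12:40 10.0.0.5 POST /aspnet_client/Flagged_Example.aspx - 443 - 203.0.113.7 python-requests/2.25 200
2021-03-03 04:15:02 10.0.0.5 POST /aspnet_client/flagged_example.aspx - 443 - 203.0.113.7 python-requests/2.25 200
2021-03-04 09:30:00 10.0.0.5 GET /aspnet_client/flagged_example.aspx - 443 - 10.0.4.20 Mozilla/5.0 404
"""


def iter_records(lines):
    """Yield one dict per request, honoring every #Fields directive."""
    fields = None
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def is_external(ip_text):
    """True when the client address is outside the configured internal ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparseable client address: treat as untrusted
    return not any(ip in net for net in INTERNAL_NETS)


def find_access(log_lines, flagged_paths):
    """Return {flagged path: summary of the requests that touched that file}."""
    # IIS URLs are case-insensitive, so compare lower-cased file names.
    # Matching on name alone can also hit a legitimate file with the same
    # name in another directory; review the matched requests before acting.
    names = {PureWindowsPath(p).name.lower(): p for p in flagged_paths}
    hits = defaultdict(list)
    for rec in iter_records(log_lines):
        stem = unquote(rec.get("cs-uri-stem", ""))
        name = stem.rsplit("/", 1)[-1].lower()
        if name in names:
            hits[name].append(rec)

    report = {}
    for name, path in names.items():
        recs = hits.get(name, [])
        stamps = sorted(f"{r.get('date', '')} {r.get('time', '')}" for r in recs)
        sources = sorted({r.get("c-ip", "") for r in recs})
        report[path] = {
            "requests": len(recs),
            "first_seen": stamps[0] if stamps else None,
            "last_seen": stamps[-1] if stamps else None,
            "source_ips": sources,
            "external_ips": [ip for ip in sources if is_external(ip)],
            # 2xx responses mean the server actually served the file.
            "successful": sum(r.get("sc-status", "").startswith("2") for r in recs),
        }
    return report


if __name__ == "__main__":
    for path, info in find_access(SAMPLE_LOG.splitlines(), FLAGGED_FILES).items():
        print(path, info)
```

A flagged file with zero requests in the retained logs is not proof it was never used; check how far back the logs go before drawing that conclusion.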

As part of hunting and scanning, if you find evidence of exploitation of the Unified Messaging RCE (CVE-2021-26857), you should delete potential uncleaned exploit files in %ExchangeInstallPath%\UnifiedMessaging\voicemail

If you find any evidence of external access to a suspect file identified above, use this information to drive further investigation on impacted servers and across your environment. Our blog post on the Hafnium attack provides additional details, such as IOCs and file hashes: HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security

If any of your security detections or investigation tool results lead you to suspect that your Exchange servers have been compromised and an attacker has actively engaged in your environment, execute your Security Incident Response plans, and consider engaging experienced Incident Response assistance. If you suspect that your Exchange environment is compromised by a persistent adversary, it is particularly critical that you coordinate your response using alternative communications channels, as mentioned earlier in this document.
