Update to Alert 138 - Multiple Vulnerabilities in Microsoft Exchange Server

  • CERT Admin
  • Tue Mar 09 2021
  • Alerts

Systems Affected 

  ✻  Microsoft exchange server 2019 cumulative update 7
  ✻  Microsoft exchange server 2019 cumulative update 8
  ✻  Microsoft exchange server 2016 cumulative update 18
  ✻  Microsoft exchange server 2016 cumulative update 19
  ✻  Microsoft exchange server 2013 cumulative update 23 

Threat Level 

Low 

Overview 

The alert update is released by 'Cybersecurity and Infrastructure Security Agency, US'

Description 

Everyone using Microsoft Exchange on-premise products must
  ✻  Check for signs of compromise
  ✻  Immediately patch Microsoft Exchange with the vendor released patch
  ✻  If unable to patch, remove the products from the network immediately
  ✻  Upgrade to the latest supported version of Microsoft Exchange 

Solution/ Workarounds 

Actions for IT Admins/Staff
Please follow the recommended steps
     ✻  Patch ALL instances of Microsoft Exchange that you are hosting.
     ✻  If you can't patch then follow the recommendations Microsoft issued
by Microsoft Exchange Server Vulnerabilities Mitigations,March 2021,Microsoft Security Response Center.  
     ✻  Check for indicators of compromise by running the following script in the given link
(https://github.com/microsoft/CSS-Exchange/blob/cb550e399bc2785e958472e533147826e2b6bf24/Security/Test-ProxyLogon.ps1)
   ✻  If you haven't been compromised we strongly recommend enhanced monitoring of network connections to your Exchange environment  

References 

✻  https://us-cert.cisa.gov/ncas/alerts/aa21-062a
✻  https://us-cert.cisa.gov/ncas/current-activity/2021/03/05/microsoft-releases-alternative-mitigations-exchange-server 

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind. 

Last updated: Mon Apr 19 2021