On April 13, 2021 (Microsoft's Patch Tuesday for the month), Microsoft rolled out patches to fix a number of critical vulnerabilities in on-premise Exchange Server installations.
While the company says that these holes haven't been knowingly exploited, it's still important to get these updates applied in your environment soon. Let's look at the update and what you should know.
A Season of Exchange Issues
If this problem sounds familiar, it's because Microsoft just dealt with another high-profile Exchange Server vulnerability in March 2021. A Chinese state-sponsored group worked on a complex attack to break into and then steal data from affected networks using this exploit.
The threat became so dangerous that the US Department of Homeland Security even issued a warning about this danger, requiring all agencies to run a scan for the problem on relevant servers.
April 2021's Exchange Fix
The Microsoft Security Response Center blog post detailing this update didn't have a whole lot to say about the specifics.
However, from Microsoft's Download page for patch KB5001779, we do know that this is a remote code execution vulnerability. These kinds of exploits are particularly nasty, as they allow attackers to execute whatever code they want on a remote system. Since they have access to the system account with high-level privileges, they could wreak havoc on any devices they control.
If you're interested, the Common Vulnerabilities and Exposures (CVE) numbers for these exploits are as follows:
In particular, 28480 and 28481 are pre-authentication, which means an attacker doesn't have to log into an affected Exchange server to take advantage of the security flaw. This is in contrast to exploits that require the malicious actor to gain access to the system, perhaps by tricking a legitimate user.
The company reiterates how important it is to keep automatic updates enabled, since they protect your infrastructure as soon as Microsoft issues the fixes. Leaving your operating systems and software on an old version gives attackers time to use known vulnerabilities against you, which malicious actors will spring to do once the latest dangers are common knowledge.
Microsoft explains that Patch Tuesday for April 2021 includes several critical fixes for Exchange Server run onsite; Exchange Online is not affected by this latest vulnerability. The problems were reported by one of Microsoft's security partners, so thankfully they weren't discovered by a rogue group started taking advantage of them, which often happens.
Though Microsoft says that nothing has happened in the wild taking advantage of these exploits, the recent attacks against Exchange mean that it's more important than ever to stay vigilant.
We're already applied the necessary patches for our customers—just one of the many ways our proactive services keep your business safe.
A Hopefully Inconsequential Vulnerability
Since Microsoft was made aware of and fixed these issues quickly, we can be optimistic that this won't be a massive problem like some of the earlier Exchange issues were. As 2021 continues, diligence with updates is one of the best weapons in the fight against bad actors exploiting these security holes.
And these Exchange patches aren't even the biggest security news of 2021—check out our coverage of the SolarWinds hack to learn more about that headline event.