Patch your Microsoft Exchange deployments now, users warned


Cybersecurity researchers have published proof-of-concept (PoC) code for an actively exploited, high-severity vulnerability in Microsoft Exchange servers that Microsoft has already patched in the November 2021 Patch Tuesday.

Successful exploitation of the vulnerability in the popular hosted email server, tracked as CVE-2021-42321, enables authenticated attackers to execute code remotely on Microsoft Exchange Server 2016 and Exchange Server 2019 installations.

Almost two weeks after the release of Microsoft’s patch, a Vietnamese security researcher who goes by the moniker Janggggg has released a PoC exploit for the bug, which should further incentivize admins to patch their vulnerable installations.


"This PoC [will] just pop mspaint.exe on the target, [and] can be use[d] to recognize the signature pattern of a successful attack event," tweeted the researcher while sharing the PoC.

Functional PoC

Reporting on the development, BleepingComputer shares that admins can use the Exchange Server Health Checker script to generate a list of all vulnerable Exchange servers in their network that need to be patched against CVE-2021-42321.

According to Microsoft, the security flaw is caused by improper validation of cmdlet arguments. It comes on the heels of two major malicious Exchange-centric campaigns, which targeted different but related vulnerabilities known as ProxyLogon and ProxyShell.

Although the issues have all been patched, the new PoC has once again created an opportunity for threat actors to go after unpatched servers. 

While the researcher did wait for a couple of weeks after the release of the patch to unleash the PoC in a bid to help security researchers understand the flaw, its release should serve as a reminder for lethargic admins to patch their on-premises Exchange servers without further delay.


Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.