New Exchange vulnerabilities were recently discovered by the National Security Agency. Omega Systems is taking proactive steps to address these threats.
These vulnerabilities have been identified as CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483 and affect the following Microsoft Exchange Server versions:
Although related to HAFNIUM, these new vulnerabilities pose a new and different threat to Microsoft Exchange Servers. Unlike the HAFNIUM vulnerabilities of the recent past, these four new vulnerabilities are not being exploited in the wild as of the time of this writing. They were discovered quietly, and the NSA provided Microsoft with the information needed to produce patches for its customers. Although the vulnerabilities are not yet exploited "in the wild" (meaning no exploit has been widely published through sources such as blog posts, forums, exploit-db, or exploitation frameworks like Metasploit), trained and skilled reverse engineers may be able to reconstruct the flaws by reverse engineering Microsoft's patch. Given that the HAFNIUM Exchange vulnerabilities could be exploited by low-skilled attackers and that these vulnerabilities are related, we predict that a public POC (Proof of Concept) exploit will be developed within the next few days to weeks, and that critical infrastructure will likely be targeted. It is also possible that privately developed exploits will be released in the wild before widespread patching occurs.
The federal government has mandated that all federal agencies patch by Friday (4/16/21) or disconnect Exchange from the internet. Considering the risk potential, Omega Systems recommends immediate approval on an emergency basis to patch your servers.
**As always, contact the Omega Systems Service Desk at 484-772-1110 or your Technical Account Manager with any questions. Please let the Omega Systems team know your preferred Exchange server patch time.**