Vulnerability Information: These vulnerabilities have been identified as CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483 and affect the following Microsoft Exchange Server versions:
• Microsoft Exchange Server 2013
• Microsoft Exchange Server 2016
• Microsoft Exchange Server 2019
Risk: High to Critical
Unlike the earlier HAFNIUM vulnerabilities, these 4 new vulnerabilities are not being exploited in the wild as of the time of this writing. They were discovered quietly, and the NSA provided Microsoft with the information needed to release patches for its customers. Although the vulnerabilities are not exploited in the wild, trained and skilled reverse engineers may be able to discover them by reverse engineering Microsoft’s patch. Given that the HAFNIUM Exchange vulnerabilities could be exploited by low-skilled attackers and that these vulnerabilities are related, we predict that a public POC (Proof of Concept) exploit will be developed within the next few days to weeks and that critical infrastructure will likely be targeted. It is possible that privately developed exploits could be released in the wild before widespread patching occurs.
Considering the risk potential, we recommend immediate approval, on an emergency basis, to patch your servers. The federal government has mandated that all federal agencies patch by Friday or disconnect Exchange from the internet.
What Omega Systems is doing to protect its customers:
• All customers for whom Omega provides hosted Exchange products are being notified to approve Exchange Emergency Patching.
• When authorization to patch is provided, Omega Systems will immediately schedule technicians to patch the mentioned vulnerabilities and verify that all services are restored.
• Omega’s threat detection systems and multiple layers of firewalls and security products are in place, protecting Exchange servers and monitoring for suspicious adversary activity.
• Omega Systems has developed its own SIEM threat detection system that detects web shells being dropped on servers and malicious commands being executed, giving its SOC team full visibility of all Exchange Servers within our environment.
What Omega Systems recommends its customers do:
• Provide immediate approval with a time window in which Omega Systems can begin patching their Exchange Server.
• Protect any web-facing servers and client workstations with a Next Generation Endpoint Detection and Response solution to automatically respond to and neutralize any and all attacks in real time.