2021-03-03 - Microsoft Exchange Zero Day (on-prem)
This article is for on-prem Microsoft Exchange users.
On Tuesday, March 2, Microsoft released an out-of-band patch to address multiple remote code execution (RCE) vulnerabilities in Microsoft Exchange. Four of these vulnerabilities have been connected to attacks by a nation-state threat group known as HAFNIUM dating back to at least January 6, 2021. In these attacks, HAFNIUM chained several of the vulnerabilities together to exploit vulnerable Exchange Servers and access full mailboxes of interest.
The four vulnerabilities exploited in these attacks (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) affect on-prem deployments of Microsoft Exchange 2013, 2016, and 2019.
References:
HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security
