Microsoft released security updates for Exchange Server this week that address a set of four vulnerabilities rated as Serious and Critical. All of them lead to remote execution of arbitrary code, and some were discovered by NSA specialists.
The new bugs affect Exchange Server versions from 2013 to 2019. While there is no evidence that they have actually been used, Microsoft believes attackers are likely to take advantage of them and create exploits soon.
The vulnerabilities were assigned the identifiers CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483. According to Microsoft expert Kevin Beaumont, the most serious of them have critical severity (9.8 out of 10 on the CVSS v3 scale) and can be exploited without authentication. Another critical bug is rated 9 points out of 10, and the least serious is rated 8.8 points.
All of these bugs were patched as part of Microsoft's April Patch Tuesday, which brought fixes for 108 vulnerabilities, five of which are zero-days (one of them already being exploited in attacks).
According to Microsoft, the following four vulnerabilities were publicly disclosed, but have not been exploited by hackers:
- CVE-2021-27091: RPC Endpoint Mapper Service privilege escalation vulnerability;
- CVE-2021-28312: Windows NTFS denial-of-service vulnerability;
- CVE-2021-28437: Windows Installer information disclosure vulnerability;
- CVE-2021-28458: elevation of privilege vulnerability in the Azure ms-rest-nodeauth library.
Another vulnerability, discovered by Kaspersky Lab researchers, was exploited by cybercriminals. The bug was found in Desktop Window Manager and allows elevating user privileges on the system; it was assigned the identifier CVE-2021-28310.
Researchers have data on the use of this exploit by cybercriminals, possibly by several groups at once (in particular, BITTER APT). It allows attackers to elevate user rights on the system and then execute arbitrary code on the victim's device. At this stage, Kaspersky Lab experts do not have complete information about the entire infection chain, but they report that the exploit may be used in conjunction with browser exploits to escape sandboxes or gain privileges on the system.