Patch your Microsoft Exchange deployments now, users warned
PoC should serve as a reminder to patch vulnerable servers
Cybersecurity researchers have published proof-of-concept (PoC) code for an actively exploited, high-severity vulnerability in Microsoft Exchange servers that Microsoft has already patched in the November 2021 Patch Tuesday.
Successful exploitation of the vulnerability in the popular hosted email server, tracked as CVE-2021-42321, enables authenticated attackers to execute code remotely on Microsoft Exchange Server 2016 and Exchange Server 2019 installations.
Almost two weeks after the release of Microsoft’s patch, a Vietnamese security researcher who goes by the moniker Janggggg has released a PoC exploit for the bug, which should further incentivize admins to patch their vulnerable installations.
“This PoC [will] just pop mspaint.exe on the target, [and] can be use[d] to recognize the signature pattern of a successful attack event,” tweeted the researcher while sharing the PoC.
Functional PoC
Reporting on the development, BleepingComputer shares that admins can use the Exchange Server Health Checker script to generate a list of all vulnerable Exchange servers in their network that need to be patched against CVE-2021-42321.
According to Microsoft, the security flaw is caused by improper validation of cmdlet arguments. It comes on the heels of two major malicious Exchange-centric campaigns, which have targeted different but related vulnerabilities known as ProxyLogon and ProxyShell.
Although the issues have all been patched, the new PoC has once again created an opportunity for threat actors to go after unpatched servers.
While the researcher did wait for a couple of weeks after the release of the patch to unleash the PoC in a bid to help security researchers understand the flaw, its release should serve as a reminder for lethargic admins to patch their on-premise Exchange servers without further delay.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.