Microsoft patched an actively exploited high-severity vulnerability that impacts Microsoft Exchange servers.

Microsoft released November 2021 security updates for Exchange Server that address actively exploited high-severity vulnerabilities reported by security partners and found through Microsoft’s internal processes. Microsoft also admitted that one of these vulnerabilities (CVE-2021-42321) is currently under attack. It is a post-authentication vulnerability found in Exchange 2016 and 2019.
On-premises Microsoft Exchange Servers
Microsoft stated that these vulnerabilities affect on-premises Microsoft Exchange Server, including servers in Exchange Hybrid mode. However, Exchange Online users are safe and don’t need to take action against these vulnerabilities. Microsoft also urged users to install the updates as soon as possible.
Approximately two weeks after Microsoft’s release, a cybersecurity researcher published a proof-of-concept exploit for the high-severity vulnerability.
Users who want to check whether any of their vulnerable Exchange servers have already been targeted by this vulnerability can run the following PowerShell query on each server to detect specific events:
Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }
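To run the same query across several servers and keep one result row per server, the following added example (not Microsoft's script) wraps it in a loop. The server names are constructed placeholders, and it assumes Windows PowerShell 5.1 with remote event log access to each server.

```powershell
# Added example. Replace the constructed placeholder names with your own inventory.
$servers = @('EXCH01.example.test', 'EXCH02.example.test')

$report = foreach ($server in $servers) {
    try {
        # Same filter as the query above, pointed at a remote server.
        $hits = @(
            Get-EventLog -ComputerName $server -LogName Application `
                -Source 'MSExchange Common' -EntryType Error -ErrorAction Stop |
            Where-Object { $_.Message -like '*BinaryFormatter.Deserialize*' } |
            Sort-Object TimeGenerated
        )

        $first = $null
        $last  = $null
        if ($hits.Count -gt 0) {
            $first = $hits[0].TimeGenerated
            $last  = $hits[-1].TimeGenerated
        }

        [pscustomobject]@{
            Server   = $server
            Status   = if ($hits.Count -gt 0) { 'Review' } else { 'NoMatchingEvents' }
            Hits     = $hits.Count
            FirstHit = $first
            LastHit  = $last
            Detail   = $null
        }
    }
    catch {
        # Get-EventLog also raises an error ("No matches found") when the source
        # has no Error entries at all, so keep the message to tell that case
        # apart from an unreachable server or an access failure.
        [pscustomobject]@{
            Server   = $server
            Status   = 'QueryError'
            Hits     = 0
            FirstHit = $null
            LastHit  = $null
            Detail   = $_.Exception.Message
        }
    }
}

$report | Sort-Object Status, Server | Format-Table -AutoSize
```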