SUBJECT: CVE-2021-31207 Microsoft Exchange Server Security Feature Bypass Vulnerability
TECH STACK: Microsoft Exchange Server 2013, 2016, and 2019.
DATE(S) ISSUED: 05/11/2021
CRITICALITY: HIGH
OVERVIEW:
CVE-2021-31207 is a vulnerability in Microsoft Exchange Server that could allow an attacker to bypass security features and gain unauthorized access to the system. This vulnerability is caused by a flaw in the way that Exchange Server handles certain requests, which could allow an attacker to bypass security controls and access sensitive information or perform unauthorized actions on the system.
To exploit this vulnerability, an attacker would need to have access to the Exchange Server and be able to send web requests to it.
The vulnerability was discovered in March 2021 and affects Microsoft Exchange Server 2013, 2016, and 2019.
NIST Description: Microsoft Exchange Server Security Feature Bypass Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2021-31207
THREAT INTELLIGENCE:
CISA has added CVE-2021-31207 to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability. This vulnerability is a frequent attack vector for malicious cyber actors of all types and poses significant risk to the federal enterprise.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
NIST: NVD
Base Score: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SOLUTION:
To patch the security feature bypass vulnerability in Microsoft Exchange Server (CVE-2021-31207), you will need to apply the appropriate updates from Microsoft. These updates are available through the Microsoft Update Catalog or through Windows Update.
Here are the steps to apply the updates using Windows Update:
- Open the Start menu and search for "Windows Update."
- Click on "Check for updates."
- If updates are available, they will be listed in the "Windows Update" window.
- Select the update that addresses the security feature bypass vulnerability in Exchange Server (it will be listed as "Security Update for Microsoft Exchange Server 2019, 2016, and 2013") and click "Install."
- Follow the prompts to install the update.
It is important to note that you will need to have administrator privileges on the Exchange Server to install the updates.
It is also a good idea to ensure that your Exchange Server is fully patched and up-to-date with the latest security updates. You can check for additional updates by repeating the steps above.
In addition to applying the updates, it is also recommended that you follow best practices for securing your Exchange Server, including implementing strong authentication methods, monitoring for unusual activity, and implementing appropriate access controls.
REFERENCES:
MISC:http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html
MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-819/
MISC:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207
URL:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207
