Mitigation Instructions for CVE-2021-31207

SUBJECT: CVE-2021-31207 Microsoft Exchange Server Security Feature Bypass Vulnerability

TECH STACK: Microsoft Exchange Server 2013, 2016, and 2019.  

DATE(S) ISSUED: 05/11/2021

CRITICALITY: HIGH

OVERVIEW:

CVE-2021-31207 is a vulnerability in Microsoft Exchange Server that could allow an attacker to bypass security features and gain unauthorized access to the system. It is caused by a flaw in the way Exchange Server handles certain requests, and a successful bypass could let the attacker access sensitive information or perform unauthorized actions on the system.

To exploit this vulnerability, an attacker would need to have access to the Exchange Server and be able to send web requests to it. 

The vulnerability was discovered in March 2021 and affects Microsoft Exchange Server 2013, 2016, and 2019. 

NIST Description: Microsoft Exchange Server Security Feature Bypass Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-31207

THREAT INTELLIGENCE:

CISA has added CVE-2021-31207 to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability. This vulnerability is a frequent attack vector for malicious cyber actors of all types and poses significant risk to the federal enterprise. 

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST: NVD

Base Score: 7.2 HIGH

Vector:  CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SOLUTION:

To patch the security feature bypass vulnerability in Microsoft Exchange Server (CVE-2021-31207), you will need to apply the appropriate updates from Microsoft. These updates are available through the Microsoft Update Catalog or through Windows Update.

Here are the steps to apply the updates using Windows Update:

  1. Open the Start menu and search for "Windows Update."
  2. Click on "Check for updates."
  3. If updates are available, they will be listed in the "Windows Update" window.
  4. Select the update that addresses the security feature bypass vulnerability in Exchange Server (it will be listed as "Security Update for Microsoft Exchange Server 2019, 2016, and 2013") and click "Install."
  5. Follow the prompts to install the update.

You will need administrator privileges on the Exchange Server to install the updates.

It is also a good idea to ensure that your Exchange Server is fully patched and up-to-date with the latest security updates. You can check for additional updates by repeating the steps above.

In addition to applying the updates, it is also recommended that you follow best practices for securing your Exchange Server, including implementing strong authentication methods, monitoring for unusual activity, and implementing appropriate access controls.

REFERENCES:

MISC:http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html

MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-819/

MISC:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207