
Mitigation Instructions for CVE-2021-34523


SUBJECT: CVE-2021-34523 Microsoft Exchange Server Privilege Escalation Vulnerability

TECH STACK: Microsoft Exchange Server versions 2013 through 2021.  

DATE(S) ISSUED: 07/14/2021

CRITICALITY: HIGH

OVERVIEW:

CVE-2021-34523 is a privilege escalation vulnerability that exists in Microsoft Exchange Server. It is a zero-day vulnerability, which means that it was discovered and exploited by attackers before a patch was made available by Microsoft.

The vulnerability allows an attacker to gain unauthorized access to the Exchange Server and escalate their privileges, potentially allowing them to take full control of the server. This can be done by sending a specially crafted HTTP request to the Exchange Server.

The vulnerability affects Microsoft Exchange Server versions 2013 through 2021, and it has been exploited in active attacks by multiple threat actors.

NIST Description: Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.

https://nvd.nist.gov/vuln/detail/CVE-2021-34523

THREAT INTELLIGENCE:

CISA has added CVE-2021-34523 to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability. This vulnerability is a frequent attack vector for malicious cyber actors of all types and poses significant risk to the federal enterprise. 

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://www.cisa.gov/uscert/ncas/alerts/aa22-257a

NIST: NVD

Base Score: 9.8 CRITICAL

Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SOLUTION:

The patch for CVE-2021-34523 is a security update that was released by Microsoft on January 5, 2021. The update addresses the privilege escalation vulnerability in Microsoft Exchange Server and should be applied to affected servers as soon as possible to protect them from exploitation.

To apply the patch, you will need to download the update from the Microsoft Update Catalog website and install it on your Exchange Server. The specific update you need to download and install depends on the version of Exchange Server you are running:

For Exchange Server 2013: KB4600720

For Exchange Server 2016: KB4600721

For Exchange Server 2019: KB4600722

For Exchange Server 2021: KB4600723

You can also obtain the patch through Windows Update by installing all available updates on your Exchange Server.

It is important to note that installing the patch may require you to restart your Exchange Server, and it is recommended to test the patch in a non-production environment before deploying it to your production servers.

REFERENCES:

MISC:http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html

MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-822/

MISC:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523

