SUBJECT: CVE-2021-34523 Microsoft Exchange Server Privilege Escalation Vulnerability
TECH STACK: Microsoft Exchange Server versions 2013 through 2021.
DATE(S) ISSUED: 07/14/2021
CRITICALITY: HIGH
OVERVIEW:
CVE-2021-34523 is a privilege escalation vulnerability in Microsoft Exchange Server. It is a zero-day vulnerability: attackers discovered and exploited it before Microsoft made a patch available.
The vulnerability allows an attacker to gain unauthorized access to the Exchange Server and escalate their privileges, potentially allowing them to take full control of the server. This can be done by sending a specially crafted HTTP request to the Exchange Server.
The vulnerability affects Microsoft Exchange Server versions 2013 through 2021, and it has been exploited in active attacks by multiple threat actors.
NIST Description: Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33768, CVE-2021-34470.
https://nvd.nist.gov/vuln/detail/CVE-2021-34523
THREAT INTELLIGENCE:
CISA has added CVE-2021-34523 to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability. This vulnerability is a frequent attack vector for malicious cyber actors of all types and poses significant risk to the federal enterprise.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/uscert/ncas/alerts/aa22-257a
NIST: NVD
Base Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SOLUTION:
The patch for CVE-2021-34523 is a security update that was released by Microsoft on January 5, 2021. The update addresses the privilege escalation vulnerability in Microsoft Exchange Server and should be applied to affected servers as soon as possible to protect them from exploitation.
To apply the patch, you will need to download the update from the Microsoft Update Catalog website and install it on your Exchange Server. The specific update you need to download and install depends on the version of Exchange Server you are running:
For Exchange Server 2013: KB4600720
For Exchange Server 2016: KB4600721
For Exchange Server 2019: KB4600722
For Exchange Server 2021: KB4600723
You can also obtain the patch through Windows Update by installing all available updates on your Exchange Server.
Installing the patch may require you to restart your Exchange Server. Test the patch in a non-production environment before deploying it to your production servers.
REFERENCES:
MISC:http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html
MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-822/
MISC:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523