GreenPages Blog


Patch Tuesday April 2021 Edition...Here We Go Again: More Exchange RCEs


By Randy Becker, VP & Principal Security Architect

Microsoft's April 2021 Patch Tuesday brings us 4 critical on-premises Exchange RCE CVEs: 2 with a base CVSS score of 9.8 out of 10 and no privileges required, 1 with a CVSS score of 9, an adjacent attack vector, and low privileges required, and 1 with a score of 8.8 and low privileges required.


These significant vulnerabilities should be patched ASAP

These vulnerabilities impact on-premises Exchange Server versions 2013, 2016, and 2019. Note that the Exchange updates released in March of 2021 do not remediate the new vulnerabilities announced today. These are significant vulnerabilities that should be patched as soon as possible, following your normal change and testing processes. Is it time to enhance your vulnerability management program to deal with vulnerabilities like these and with out-of-band zero-day vulnerabilities? The answer, of course, is yes.

Patching instructions and further reading on the threat

The latest patches can be viewed on the Microsoft Security Response Center (MSRC) website. KB5001779 takes you to the 4 new Exchange RCE vulnerabilities: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483. As usual, you must follow the instructions on this page, or you may run into problems with the updates, just as with last month’s updates.


How long before a POC exploit is made public?

There does not appear to be evidence of exploitation in the wild yet, but exploitation is likely. Given the exploits we saw associated with the previous on-premises Exchange vulnerabilities, organizations are strongly recommended to prioritize installing the latest updates. It also looks like there are a few critical-severity RCE vulnerabilities impacting all supported versions of Windows. The same patching process applies to these.

 

Important steps we should all be taking

  • Follow proper change control process

  • Test your patches before rolling into production

  • Ensure you have immutable backups of all systems—that way if the worst happens you have a method of recovering.

  • If you have an on-premises Microsoft Exchange Server, regardless of whether it’s exposed to the Internet or not, patch it!

  • Ask yourself whether now is the time to consider a move to Microsoft Online Exchange.

If you have an on-premises Microsoft Exchange Server and need help patching or would like to implement immutable backups or create an Incident Response Plan, reach out to your GreenPages Account Manager or reach out to us!



Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy is also a HITRUST Certified CSF Practitioner (CCSFP), which ensures clients have access to the highest level of expertise related to privacy, security, compliance, and risk management.

 
