Scan for Microsoft Exchange Zero Day CVE-2021-26855

Easily scan your Microsoft Exchange servers and find out if you are open to hacker attacks.

You can also find out whether you have already been compromised and whether black-hat attackers have left shell scripts behind.

Request a free vulnerability scan with the Cloud Penetrator

The CVEs involved in this remote code execution vulnerability are:

Microsoft Exchange Server Remote Code Execution Vulnerability:

CVE-2021-26855 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855
CVE-2021-26857 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857
CVE-2021-26858 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858
CVE-2021-27065 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065

Scan your website for the latest Microsoft OWA Exchange Zero Day Server Remote Code Execution Vulnerabilities with the Penetrator.
See also whether you have already been hacked: https://www.secpoint.com/contact-me.php https://www.secpoint.com/free-vulnerability-scan.php

Find out whether you have already been compromised by detecting the shell scripts left behind by automated attack bots.
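One practical way to find scripts that an attacker has dropped into or altered in a web root is to compare the current set of server-side script files against a manifest taken from a known-good install. The following is an added example, not SecPoint's code or any Exchange tooling; the directory layout, file names and contents are constructed sample data, and the script extensions are an assumed list.

```python
# Added example (not SecPoint's code): find script files that were added to or
# changed in a web root compared with a known-good baseline manifest. This is
# one way to spot shell scripts an attacker has left behind, as the text
# describes. Paths, file names and contents below are constructed sample data.
import hashlib
import tempfile
from pathlib import Path

# Assumed list of server-side script extensions worth tracking.
SCRIPT_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".php", ".jsp"}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(web_root: Path) -> dict:
    """Map relative path -> sha256 for every script file under web_root.
    Run this on a known-good install (fresh patch level) and store the result."""
    manifest = {}
    for p in web_root.rglob("*"):
        if p.is_file() and p.suffix.lower() in SCRIPT_EXTENSIONS:
            manifest[p.relative_to(web_root).as_posix()] = sha256_file(p)
    return manifest


def find_residue(web_root: Path, baseline: dict) -> list:
    """Return (relative_path, reason) for script files that are not in the
    baseline ('new') or whose hash differs from it ('modified')."""
    findings = []
    current = build_manifest(web_root)
    for rel, digest in sorted(current.items()):
        if rel not in baseline:
            findings.append((rel, "new"))
        elif baseline[rel] != digest:
            findings.append((rel, "modified"))
    return findings


def demo() -> list:
    """Construct a toy web root, snapshot it, then simulate post-compromise
    changes and report what the comparison flags."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "wwwroot"
        (root / "owa" / "auth").mkdir(parents=True)
        (root / "owa" / "auth" / "logon.aspx").write_text("<%-- constructed known-good page --%>")
        (root / "owa" / "default.aspx").write_text("<%-- constructed known-good page --%>")
        (root / "owa" / "readme.txt").write_text("not a script; ignored")
        baseline = build_manifest(root)

        # Simulated post-compromise state: one script tampered with, one dropped in.
        (root / "owa" / "default.aspx").write_text("<%-- constructed: content changed --%>")
        (root / "owa" / "auth" / "help.aspx").write_text("<%-- constructed: file not in baseline --%>")
        return find_residue(root, baseline)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:9} {rel}")
```

The baseline must be captured from a clean system and kept off the server, otherwise an attacker who already has code execution can simply update it. A file that is flagged is not proof of compromise on its own; it is the list of what needs to be looked at.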

The vulnerability was originally a zero-day exploited in the wild by a hacking group known as Hafnium.

According to sources, more than 10 professional hacking groups were exploiting this vulnerability.

Often, professional criminal hacker gangs break into an organization, steal or encrypt its data, and afterwards demand a ransom.

Customers running Microsoft Exchange with a publicly exposed OWA login urgently need to install all available patches.

Furthermore, it is recommended to restrict access to trusted IP addresses only, for example to addresses from the country where the site is located.

So if a server is located in Germany and only has users in Germany, block access from all other countries.

This helps prevent future vulnerabilities from being exploited.

Microsoft Exchange remote code execution (RCE)

When attackers can exploit remote code execution (RCE) vulnerabilities, it can cause serious harm to the customer.

The customer can lose valuable data such as usernames, passwords, sensitive data, emails, internal company software or files.

Even if the attackers only obtain encrypted (hashed) passwords, these can afterwards be cracked on large GPU cracking farms.

Once the attackers discover which passwords belong to specific usernames, they can try them on other sites across the internet, where the same username and often the same password have been reused.

So far, the number of compromised sites is estimated to be in the 100,000s.

It is recommended to perform daily vulnerability scans of every IP address the customer has running.

This way, it is revealed early which systems are missing patches and can easily be broken into by remote attackers.

4 Zero Days revealed

In this Microsoft Exchange hack, more than 4 zero-days were revealed in the operation.

The question is how long the attackers had access to these 4 types of zero-day vulnerabilities on the black market.

They could have been available to specific hackers for years, allowing full access to customer systems.

The next question is how many zero-days exist right now for similar systems that we are not aware of.

The best approach for a customer using a system with a history of RCE vulnerabilities is to restrict all incoming access to the system and only allow trusted IP addresses to connect.
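The restriction recommended here and in the earlier paragraph on country-based blocking comes down to one decision per connection: is the source address inside a trusted range or not. The following is an added example, not SecPoint's code, that makes that decision over a few constructed OWA access-log lines; the trusted ranges are documentation prefixes standing in for an organization's real office, VPN or country ranges, and the log format is assumed.

```python
# Added example (not SecPoint's code): evaluate inbound connections to an
# OWA endpoint against a trusted-source allowlist, the restriction the text
# recommends. The CIDR ranges and log lines below are constructed sample data.
import ipaddress

# Constructed allowlist: assume these are the organization's trusted ranges
# (e.g. corporate egress and a VPN concentrator). Real deployments would load
# the country or partner ranges they actually trust.
TRUSTED_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),    # documentation range, stands in for "office"
    ipaddress.ip_network("198.51.100.0/25"),   # documentation range, stands in for "VPN"; hosts .0-.127 only
    ipaddress.ip_network("2001:db8:10::/48"),  # IPv6 range, constructed
]

# Constructed sample access-log lines in an assumed "<src_ip> <method> <path>" format.
SAMPLE_LOG = """\
203.0.113.45 POST /owa/auth.owa
198.51.100.20 GET /owa/
198.51.100.200 GET /owa/
192.0.2.77 POST /owa/auth.owa
2001:db8:10::1 GET /owa/
2001:db8:99::5 GET /ecp/
not-an-ip GET /owa/
"""


def is_trusted(src: str, ranges=TRUSTED_RANGES) -> bool:
    """Return True only when src parses as an IP inside one of the trusted ranges.
    Malformed addresses are treated as untrusted (fail closed). A v4 address is
    never 'in' a v6 network and vice versa, so mixed lists are safe."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ranges)


def triage(log_text: str) -> dict:
    """Split log lines into allowed and denied sources; the denied entries are
    what a firewall allowlist would have dropped before they reached OWA."""
    result = {"allowed": [], "denied": []}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        src, method, path = parts[0], parts[1], parts[2]
        bucket = "allowed" if is_trusted(src) else "denied"
        result[bucket].append((src, method, path))
    return result


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        for src, method, path in entries:
            print(f"{bucket:7} {src:18} {method} {path}")
```

Note the 198.51.100.200 entry: it sits in the same /24 as the VPN range but outside the /25 that was actually allowlisted, so it is denied. Off-by-one prefix lengths are a common way an allowlist ends up either too open or locking out legitimate users, and running the policy over a day of real logs before enforcing it is the cheap way to catch that.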

Apply Strong Firewall IPS to block attacks

Another technique for the customer is to deploy UTM firewall systems with strong IPS capability that can actively block incoming attacks.

IPS systems are often updated daily, so they learn the details of an attack very early on and can block it easily.

Even when zero-days are used, IPS systems can often block suspicious traffic.

When details of the vulnerabilities start to become publicly available, the IPS vendor can quickly release signatures that block this type of attack across large networks.

It is always a cat-and-mouse game between professional criminal hacker gangs and businesses and government institutions.

Hack your site with White Hat Hackers

It is also recommended to hire White Hat Hackers with more than 20 years of experience to hack your own site.

Grant the white hat hackers freedom to hack the system in any way they want.

Often the human hacker's brain is more creative than any automated system and can find ways in that nobody had thought about before.

It is important to deploy white hat hackers against the systems regularly.

Network monitoring

It is also important to watch the traffic to important servers daily to find any anomaly, and to check whether any suspicious data is going in or out.

For key servers it can be a 24-hour human monitoring job: looking at all traffic and analyzing it with human brains.

A human can often pick up on things that an automated system might miss.
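A daily review of a key server's traffic is easier if the tooling first tells the analyst what changed against that server's own history. The following is an added example, not SecPoint's code or any product's logic; it works over constructed per-day outbound flow summaries for one server and flags two things the text asks a reviewer to look for: an outbound volume far above the usual level, and a destination the server has never talked to before. The day labels, addresses and byte counts are all constructed, and the threshold factor is an assumption.

```python
# Added example (not SecPoint's code): baseline check over outbound traffic
# summaries for an important server, the kind of daily review the text
# recommends. All flow records below are constructed sample data.
import statistics
from collections import defaultdict

# Constructed daily summaries: (day, dst_ip, bytes_out). Days d1-d7 are the
# learning window; d8 is the day under review.
FLOWS = [
    ("d1", "203.0.113.10", 1_200_000), ("d1", "203.0.113.11", 800_000),
    ("d2", "203.0.113.10", 1_100_000), ("d2", "203.0.113.11", 900_000),
    ("d3", "203.0.113.10", 1_300_000), ("d3", "203.0.113.11", 700_000),
    ("d4", "203.0.113.10", 1_250_000), ("d4", "203.0.113.11", 850_000),
    ("d5", "203.0.113.10", 1_150_000), ("d5", "203.0.113.11", 950_000),
    ("d6", "203.0.113.10", 1_000_000), ("d6", "203.0.113.11", 800_000),
    ("d7", "203.0.113.10", 1_200_000), ("d7", "203.0.113.11", 750_000),
    # Day under review: the usual peers plus a large transfer to an unseen host.
    ("d8", "203.0.113.10", 1_250_000), ("d8", "203.0.113.11", 820_000),
    ("d8", "198.51.100.9", 45_000_000),
]
BASELINE_DAYS = ["d1", "d2", "d3", "d4", "d5", "d6", "d7"]


def daily_totals(flows) -> dict:
    """Sum outbound bytes per day."""
    totals = defaultdict(int)
    for day, _, nbytes in flows:
        totals[day] += nbytes
    return dict(totals)


def review_day(flows, day, baseline_days, k: float = 4.0) -> dict:
    """Compare `day` against `baseline_days`. Returns:
      total_bytes:      outbound bytes on the reviewed day
      threshold_bytes:  median + k * scaled MAD of the baseline days
      volume_alert:     True when the day's total exceeds the threshold
      new_destinations: peers contacted on `day` but never in the baseline window
    Median and MAD are used instead of mean/std so one earlier bad day does not
    inflate the baseline and hide the next one. k is an assumed sensitivity."""
    totals = daily_totals(flows)
    history = [totals.get(d, 0) for d in baseline_days]
    median = statistics.median(history)
    # Median absolute deviation, scaled by 1.4826 to approximate a std dev.
    mad = statistics.median(abs(x - median) for x in history) * 1.4826
    threshold = median + k * max(mad, 1.0)  # guard against a zero spread
    seen = {dst for d, dst, _ in flows if d in baseline_days}
    today = {dst for d, dst, _ in flows if d == day}
    total = totals.get(day, 0)
    return {
        "total_bytes": total,
        "threshold_bytes": threshold,
        "volume_alert": total > threshold,
        "new_destinations": sorted(today - seen),
    }


if __name__ == "__main__":
    report = review_day(FLOWS, "d8", BASELINE_DAYS)
    print(f"d8 outbound: {report['total_bytes']:,} bytes "
          f"(threshold {report['threshold_bytes']:,.0f})")
    print("volume alert:", report["volume_alert"])
    print("new destinations:", report["new_destinations"])
```

Either finding on its own is only a prompt for a person to look: a new destination may be a legitimate new partner, and a volume spike may be a backup job. Together, a large transfer to a never-seen host from a server that normally talks to two peers is exactly the pattern a human reviewer should see first.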