What is it?

Microsoft Exchange Server (2010, 2013, 2016 and 2019… various updates) has a memory handling vulnerability that allows an attacker to execute an operating system command remotely.

This is also known as the ‘Microsoft Exchange Memory Corruption Vulnerability’. The Microsoft link below provides a list of the specific versions and updates that are affected by this vulnerability.

An error in the software allows senders to bypass authentication, install programs and run them. When combined with another vulnerability (CVE-2021-26855) these programs can be run as an administrator.

The Packet Storm link below contains a more detailed description of how this vulnerability is exploited.

Why is it a risk?

An attacker can run an arbitrary operating system command on your Exchange server. This vulnerability does not bypass authentication.

This is considered a HIGH severity vulnerability.

How can you mitigate the risk?

Patch your Microsoft Exchange Server to the latest version.

There is a link below to the “One-Click Microsoft Exchange On-Premises Mitigation Tool”; as of March 2021, this is the recommended method for patching your on-premises MS Exchange Server.

The Microsoft Safety Scanner Download link below provides a useful tool for testing your Exchange Server for a variety of security related risks.

Resources:

Packet Storm – Exchange Control Panel Viewstate Deserialization
https://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html

Microsoft list of affected versions/updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688

Microsoft One-Click Microsoft Exchange On-Premises Mitigation Tool
https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/

Microsoft Safety Scanner Download
https://docs.microsoft.com/en-us/microsoft-365/security/intelligence/safety-scanner-download?view=o365-worldwide
