The CVS score for this vulnerability is CVSS 7.8. The attacker could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin's credentials. CVE-2021-27065: By authenticating with an Exchange Server, an attacker can use this vulnerability to write a file to any path on the server.CVE-2021-26858: This is a post-authentication arbitrary file write vulnerability to write to paths.This requires administrator permission or another vulnerability to exploit.
MICROSOFT SAFETY SCANNER POWERSHELL SCRIPT CODE
Exploiting this vulnerability enables running malicious code as the SYSTEM user on the Exchange Server. Insecure deserialization is where a program deserializes untrusted user-controllable data. CVE-2021-26857: There exists an insecure deserialization vulnerability in the Unified Messaging service.The CVS score for this vulnerability is CVSS 9.1. CVE-2021-26855: This vulnerability comprises a server-side request forgery (SSRF) vulnerability in Exchange, allowing the attacker to send arbitrary HTTP requests and authenticate as the Exchange Server.First, what are the four zero-day vulnerabilities found in the on-premises Exchange Server versions and the corresponding CVEs? While Exchange 2010 is not directly affected by the vulnerabilities, Microsoft has also released patches for Exchange 2010 for what it refers to as a "defense in depth" patch.
The on-premises Exchange vulnerabilities made headlines in March 2021 with four very high-profile vulnerabilities to note with Exchange 2013, 2016, and 2019. On-premises Exchange Server vulnerabilities
What are the zero-day vulnerabilities found regarding on-premises Exchange? How does the new one-click Microsoft Exchange On-Premises Mitigation Tool help with applying patches to the on-premises Exchange Server? Let's look at this new tool and see how it works.
0 kommentar(er)
