Alert GCSA-21022 - Microsoft out-of-band Security Update for Exchange Server
******************************************************************
alert ID: GCSA-21022
date: 03 March 2021
title: Microsoft out-of-band Security Update for Exchange Server
******************************************************************
:: Problem description
Microsoft has released unscheduled (out-of-band) security updates
to fix seven vulnerabilities in Microsoft Exchange Server.
Four of these vulnerabilities are zero-days, i.e. they are
currently being exploited. Although Microsoft states that the attacks
are targeted and limited, we recommend applying the patches as soon as
possible.
The vulnerabilities allow remote execution of arbitrary code.
Further details are available in the official advisory listed
in the "References" section.
:: Affected software
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
:: Impact
Remote execution of arbitrary code (RCE)
Security feature bypass (SFB)
Data Manipulation (Tampering)
:: Solutions
We recommend updating the software to the latest
version. The updates are available via:
Method 1: Microsoft Update
Method 2: Microsoft Update Catalog
https://www.catalog.update.microsoft.com/Search.aspx?q=KB5000871
Method 3: Microsoft Download Center
Exchange Server 2010 (RU 31 for Service Pack 3 - this is a Defense in Depth update)
https://url.garrlab.it/gswsg
Exchange Server 2013 (CU 23)
https://url.garrlab.it/689pj
Exchange Server 2016 (CU 19, CU 18)
https://url.garrlab.it/689pj
Exchange Server 2019 (CU 8, CU 7)
https://url.garrlab.it/689pj
:: References
Multiple Security Updates Released for Exchange Server
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
HAFNIUM targeting Exchange Servers with 0-day exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
March 2021 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26412
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26412
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26855
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-27065
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26857
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-27078
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27078
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26854
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26854
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-26858
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858
Microsoft - New nation-state cyberattacks
https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/
Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails
https://krebsonsecurity.com/2021/03/microsoft-chinese-cyberspies-used-4-exchange-server-flaws-to-plunder-emails/
Microsoft issues emergency patches for 4 exploited 0-days in Exchange
https://arstechnica.com/information-technology/2021/03/microsoft-issues-emergency-patches-for-4-exploited-0days-in-exchange/
Microsoft: 4 Exchange Server Zero-Days Under Attack by Chinese Hacking Group
https://www.securityweek.com/microsoft-4-exchange-server-zero-days-under-attack-chinese-apt-group
URGENT - 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange
https://thehackernews.com/2021/03/urgent-4-actively-exploited-0-day-flaws.html
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert