JSC State Technical Service

The KZ-CERT Computer emergency response team of JSC “State Technical Service”, as part of monitoring the Kazakhstani segment of the Internet for information security threats, reports on the relevance of the vulnerability with the identifier CVE-2021-42321 (Microsoft Exchange Server RCE Vulnerability).

This vulnerability allows an authenticated attacker to remotely execute code on Microsoft Exchange servers (2016, 2019) running in local or hybrid mode.

Despite the fact that the first data on the vulnerability CVE-2021-42321 was published in November 2021, at this moment the vulnerability remains relevant for organizations using Microsoft Exchange Server solutions as a mail server.

This vulnerability can be exploited remotely without any interaction with the user, as a result of which attackers can intercept control of the system or its individual components, as well as gain access to confidential data (corporate correspondence, personal data of users, etc.).

Microsoft Exchange Server is a software product for messaging and collaboration. The main functions of Microsoft Exchange are processing and forwarding of mail messages, sharing calendars and tasks, support for mobile devices and web access, integration with voice messaging systems (since Exchange 2007) and support for instant messaging systems.

According to CVSS (Common Vulnerability Scoring System), the criticality of the vulnerability is 9.9 out of 10.

In order to avoid possible attacks and exploitation of Microsoft Exchange Server vulnerabilities, the KZ-CERT Computer emergency response team sent notifications to owners and telecom operators with appropriate recommendations.

The main recommendation is to install the latest Microsoft Exchange Server security patches that eliminate the above vulnerability, as well as check for traces of exploitation of the vulnerability.