Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.
The vulnerabilities recently being exploited are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. They are currently linked to HAFNIUM and Dearcry ransomware attacks, among others.
Affected Microsoft Exchange Servers
The latest assessments indicated that the vulnerabilities affect:
- Exchange Server versions 2010, 2013, 2016, and 2019
- Exchange Online is not affected.
The FortiGuard Labs research team is recommending these four steps:
For our FortiSIEM, FortiSOAR, FortiAnalyzer, and FortiXDR customers, please read the FortiGuard Outbreak Alert for a set of threat-hunting strategies and playbooks for effective detection and response.
If you believe that you have been impacted, contact our teams for help navigating this event and minimize the impact on your organization.
Fortinet’s Professional Services
|Scan. Identify. Patch||Secure||Compromised||Engage IR Team|
|FortiGuard Labs Consulting (FGLC) Security Architecture Evaluation||
Apply appropriate patches.
|Fortiguard Incident Response Service||Fortiguard Incident Response Service|
|FortiPen (Pen testing service)||Fortinet virtual patching provides protection against exploits until the vendor issues a patch to update a vulnerability.|