Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.
The vulnerabilities being exploited are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. They are currently linked to HAFNIUM and to DearCry ransomware attacks, among others.
Affected Microsoft Exchange Servers
The latest assessments indicate:
- Affected: on-premises Exchange Server 2010, 2013, 2016, and 2019
- Not affected: Exchange Online
Mitigation Steps
The FortiGuard Labs research team is recommending these four steps:
For our FortiSIEM, FortiSOAR, FortiAnalyzer, and FortiXDR customers, please read the FortiGuard Outbreak Alert for a set of threat-hunting strategies and playbooks for effective detection and response.
If you believe that you have been impacted, contact our teams for help navigating this event and minimizing the impact on your organization.
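As an added example of the detection side of that response (not code from this advisory, from the FortiGuard Outbreak Alert, or from any Fortinet playbook), the script below triages exported Exchange logs against the indicators Microsoft published for these four CVEs: an unauthenticated HttpProxy request whose AnchorMailbox starts with ServerInfo~ (CVE-2021-26855), a System.InvalidCastException error from the MSExchange Unified Messaging event source (CVE-2021-26857), "Download failed and temporary file" in the OABGenerator log (CVE-2021-26858), and Set-*VirtualDirectory in the ECP server log (CVE-2021-27065). The CSV layout (a plain header row or a #Fields: line naming AuthenticatedUser and AnchorMailbox) is an assumption, and every log line in the script is constructed for illustration.

```python
"""Offline triage of exported Exchange logs for the HAFNIUM/ProxyLogon
indicators Microsoft published for CVE-2021-26855, -26857, -26858 and -27065.
Added example; not code from the advisory or from Fortinet.

Assumptions (not from the page): HttpProxy logs are CSV with a header row
(either a plain first row or a '#Fields:' comment line) naming at least
AuthenticatedUser and AnchorMailbox; ECP/OABGenerator logs and UM event
messages are treated as free text. All sample lines below are constructed.
"""
import csv
import re
from typing import Dict, Iterable, Iterator, List

# CVE-2021-26855 (SSRF): unauthenticated request whose AnchorMailbox is a
# ServerInfo~<host>/<path> routing hint. Legitimate traffic carries an
# authenticated user, so the empty AuthenticatedUser is part of the signal.
SERVERINFO_ANCHOR = re.compile(r"^ServerInfo~[^/]+/", re.IGNORECASE)

# Line-oriented indicators for the other three CVEs: (log source, pattern).
# 'Set-*VirtualDirectory' also appears in legitimate admin sessions, so
# 27065 hits must be reconciled with change records before escalation.
LINE_INDICATORS = {
    "CVE-2021-26857": ("Application event log, source MSExchange Unified Messaging",
                       re.compile(r"System\.InvalidCastException")),
    "CVE-2021-26858": ("Logging\\OABGeneratorLog",
                       re.compile(r"Download failed and temporary file")),
    "CVE-2021-27065": ("Logging\\ECP\\Server",
                       re.compile(r"Set-.+VirtualDirectory")),
}


def parse_exchange_csv_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per data row of an Exchange CSV log, keyed by column name."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        row = next(csv.reader([line]))
        if fields is None:  # first non-comment row is the header
            fields = [f.strip() for f in row]
            continue
        yield dict(zip(fields, row))


def find_cve_2021_26855(httpproxy_log: str) -> List[Dict[str, str]]:
    """Rows matching the published 26855 pattern: anonymous + ServerInfo~ anchor."""
    return [
        row for row in parse_exchange_csv_log(httpproxy_log)
        if row.get("AuthenticatedUser", "") == ""
        and SERVERINFO_ANCHOR.search(row.get("AnchorMailbox", ""))
    ]


def find_line_indicators(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return {cve: [matching lines]} for the three text-based indicators."""
    hits: Dict[str, List[str]] = {cve: [] for cve in LINE_INDICATORS}
    for line in lines:
        for cve, (_source, pattern) in LINE_INDICATORS.items():
            if pattern.search(line):
                hits[cve].append(line)
    return hits


# Constructed sample: two normal requests and one that matches the 26855
# indicator. Columns are a subset of the real HttpProxy schema.
SAMPLE_HTTPPROXY_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: HttpProxy Logs
DateTime,RequestId,ClientIpAddress,UrlStem,AuthenticatedUser,AnchorMailbox,HttpStatus
2021-03-03T01:02:03.000Z,1a2b,10.0.0.5,/owa/,contoso\\alice,alice@contoso.com,200
2021-03-03T01:02:04.000Z,3c4d,203.0.113.7,/ecp/y.js,,ServerInfo~localhost/autodiscover/autodiscover.xml,200
2021-03-03T01:02:05.000Z,5e6f,10.0.0.6,/mapi/emsmdb/,contoso\\bob,bob@contoso.com,200
"""

# Constructed ECP server log fragments: one routine read, one write that
# matches the 27065 indicator and must be checked against admin change records.
SAMPLE_ECP_SERVER_LOG = [
    "2021-03-03T01:02:06.000Z,ECP,contoso\\admin,Get-OabVirtualDirectory",
    "2021-03-03T01:02:07.000Z,ECP,,Set-OabVirtualDirectory -Identity OAB -ExternalUrl http://203.0.113.7/",
]


def triage() -> Dict[str, int]:
    """Count hits per CVE over the constructed samples (what one run reports)."""
    counts = {"CVE-2021-26855": len(find_cve_2021_26855(SAMPLE_HTTPPROXY_LOG))}
    for cve, lines in find_line_indicators(SAMPLE_ECP_SERVER_LOG).items():
        counts[cve] = len(lines)
    return counts


if __name__ == "__main__":
    for cve, n in sorted(triage().items()):
        print(f"{cve}: {n} hit(s)")
```

A hit is a reason to preserve the host and engage incident response, not proof of compromise on its own: the 26855 pattern is the strongest signal, while 27065 matches ordinary virtual-directory administration and has to be cross-checked against who ran it and when.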
Additional Resources
Fortinet’s Professional Services
| Scan. Identify. Patch | Secure | Compromised | Engage IR Team |
|---|---|---|---|
| FortiGuard Labs Consulting (FGLC) Security Architecture Evaluation | Apply appropriate patches. | FortiGuard Incident Response Service | FortiGuard Incident Response Service |
| FortiPen (penetration testing service) | Fortinet virtual patching provides protection against exploits until the vendor issues a patch for the vulnerability. | Apply threat-hunting strategies in FortiSIEM, FortiSOAR, and FortiAnalyzer. | |