Microsoft CVE-2021-26857: Microsoft Exchange Server Remote Code Execution Vulnerability (HAFNIUM Exploited)
7
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
03/02/2021
03/03/2021
03/02/2021
12/01/2023
Description
There exists an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave HAFNIUM the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.
Solution(s)
- msft-kb5000871-22fec8f5-e504-4971-a880-88bab21a1f37
- msft-kb5000871-28c56acf-f5f1-4a92-900d-0de0c58d61a4
- msft-kb5000871-82a6c7b8-34c1-4d23-879a-8b5963acc47d
- msft-kb5000871-c6ed44ca-634b-4b5c-91ba-12232d8ec98e
- msft-kb5000978-4ecf02e7-963b-42d5-8c3d-07c90ec7f059
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center