Microsoft Expands Coverage of Exchange Server Patches

Cyber Security News

Microsoft released fixes for over 80 CVEs in yesterday’s Patch Tuesday update round, including a zero-day bug and several publicly disclosed vulnerabilities.

In a week dominated by the exploitation on a massive scale of four zero-day Exchange Server flaws patched out-of-band by Microsoft last week, there’s yet more to do for sysadmins.

The first is yet another zero-day, this time in Internet Explorer.

“CVE-2021-26411 is a memory corruption vulnerability that could allow an attacker to target users with specially crafted content,” explained Ivanti senior director of product management, Chris Goettl.

“An attacker could utilize specially crafted websites or websites that accept user-provided content or advertisements to host content designed to exploit this vulnerability.”

Experts also urged IT teams to patch a publicly disclosed vulnerability (CVE-2021-27077) in Windows Win32k that could allow an attacker to elevate privileges on an affected system. It was first reported by Trend Micro’s Zero Day Initiative back in January.

“This vulnerability is not believed to be exploited in the wild, however, the length of time between initial disclosure and a patch being released should be cause for concern as it may have given malicious threat actors the opportunity to figure out the vulnerability and exploit it,” warned Recorded Future senior security architect, Allan Liska.

“A similar vulnerability, also discovered by the Zero Day Initiative, reported last year, CVE-2020-0792, was not widely exploited.”

Of the six Microsoft DNS bugs patched this month, Liska argued that CVE-2021-26877, CVE-2021-26893, CVE-2021-26894 and CVE-2021-26895 should be prioritized as they are remote code execution flaws which impact Windows Server 2008-2016.

Elsewhere, Microsoft expanded the coverage of patches issued for those widely exploited Exchange Server bugs to include out-of-support cumulative updates (CUs) – including Exchange Server 2019 CU 6, CU 5 and CU 4 and Exchange Server 2016 CU 16, CU 15, and CU14.

“This is an indication of the severity and reach of the attacks targeting the Exchange Server on-prem products,” said Goettl.