SB2021051112 - Multiple vulnerabilities in Microsoft Exchange Server

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Improper validation of integrity check value (CVE-ID: CVE-2021-31209)

The vulnerability allows a remote attacker to bypass integrity checks.

The vulnerability exists within the handling of Exchange Server Help updates. A remote attacker on the local network can bypass integrity check on update downloads.

2) Security features bypass (CVE-ID: CVE-2021-31207)

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Microsoft Exchange Server. A remote administrator can gain full access to target system.

3) Code Injection (CVE-ID: CVE-2021-31198)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Microsoft Exchange Server. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) Code Injection (CVE-ID: CVE-2021-31195)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Microsoft Exchange Server. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209
• https://www.zerodayinitiative.com/advisories/ZDI-21-615/
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195