Microsoft Security Advisory:
On March 2, the Microsoft Threat Intelligence Center warned in a blog post of a campaign to exploit previously unknown vulnerabilities affecting Exchange Server software.
The tech giant is tracking those vulnerabilities as follows:
CVE-2021-26855: a server-side request forgery (SSRF) bug in Exchange that allows a malicious actor to send arbitrary HTTP requests and authenticate as the Exchange server.
CVE-2021-26857: an insecure deserialization vulnerability in the Unified Messaging service that enables an attacker to run code as SYSTEM on the Exchange server once they’ve obtained admin permissions or exploited another security bug.
CVE-2021-26858: an arbitrary file write vulnerability in Exchange that could allow someone to write a file to any path on the server after they’ve authenticated themselves by exploiting CVE-2021-26855 or stealing a legitimate set of credentials.
CVE-2021-27065: a second arbitrary file write vulnerability in Exchange that operates similarly to CVE-2021-26858.
Microsoft identified HAFNIUM as the primary threat actor abusing the vulnerabilities described above at the time of its security advisory.
For more information: https://zix.com/resources/blog/march-2021/least-30k-us-orgs-affected-threat-actors-targeting-exchange-bugs