Exchange Pwn2Own Vulnerability April 2021 (Yes, a new one – it’s not Hafnium anymore!)

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange.

Some security researchers have demonstrated three high risk vulnerabilities for exchange server systems. Microsoft has published information about the vulnerability today and even has a patch for the problem already in place.

Even though we, as Boll Engineering AG, are not associated in any way with the affected product, a lot of our customer reported, that they have vulnerable systems in place and may be affected by this bug. We have been asked if IPS signatures and WAF patches are already implemented. Therefore we decided to post this blog to raise the awareness of this vulnerability once more, even after the broad press has already published a lot of releases regarding this matter.

This blog post regards the following CVE reports:

CVE-2021-28480
CVE-2021-28481
CVE-2021-28482
CVE-2021-28483

Protection in place?

We will inform you here, as soon as our vendors have protection for those vulnerabilities in place.

Last update: 15.04.2021 13:40

Fortinet

Protection is available (for FortiClient only at the moment)

https://www.fortiguard.com/encyclopedia/endpoint-vuln/67270

Exchange Hafnium Vulnerability March 2021

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange.

Even though we, as Boll Engineering AG, are not associated in any way with the affected product, a lot of our customer reported, that they have vulnerable systems in place and may be affected by this bug. We have been asked if IPS signatures and WAF patches are already implemented. Therefore we decided to post this blog to raise the awareness of this vulnerability once more, even after the broad press has already published a lot of releases regarding this matter.

This blog post regards the following CVE reports:

CVE-2021-26855
CVE-2021-26857
CVE-2021-26858 and CVE-2021-27065

Below you can find the related articles or microsites to the matter from our different vendors we distribute.

Please note, that some of the solutions had a signature in place already, when the broad exploitation of the vulnerability started. Therefore not only the information IF a signature is available, it is also important from WHEN this signature has been applied on your system.

Fortinet

Protection is available

https://fndn.fortinet.net/FortiGuard-Alert-Outbreaks/Hafnium-full/

FortiSIEM is even able to detect activities related to this vulnerability.

Palo Alto

Protection is available

https://unit42.paloaltonetworks.com/microsoft-exchange-server-attack-timeline/

Kaspersky

Protection is available

https://www.kaspersky.com/blog/exchange-vulnerabilities/38964/

WatchGuard

Protection is available

https://techsearch.watchguard.com/KB?SFDCID=kA10H000000Xe1SSAS
https://www.secplicity.org/2021/03/08/chinese-state-actors-exploit-0-day-vulnerabilities-targeting-on-premise-exchange-server

Performance Best Practices for Kaspersky Endpoint Security for Windows

Here you can find some recommendations how to configure protection in Kaspersky Endpoint Security for Windows and reduce the impact on the system. The original document written by Evgeniya Kirikova from Kasperksy can be downloaded here.

General recommendations

  1. Use the latest versions of Kaspersky Endpoint Security for Windows, as they contain the latest fixes and improvements, including performance related.
  2. We recommend you to use all protection components with default settings. They provide the optimal balance between protection level and performance recommended by our experts.
  3. Check KES for Windows policy and make sure that general performance settings are enabled (KES policy –> General –> Application settings):
«Performance Best Practices for Kaspersky Endpoint Security for Windows» weiterlesen

OpenSSL Heartbleed Bug Informationen

Hier finden Sie Informationen zu der OpenSSL Schwachstelle und Herstellerinformationen.

«Offizielle» Webseiten
http://heartbleed.com/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Testseiten
http://filippo.io/Heartbleed/
https://www.ssllabs.com

Betroffene OpenSSL Versionen
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

«OpenSSL Heartbleed Bug Informationen» weiterlesen