Exchange Pwn2Own Vulnerability April 2021 (Yes, a new one – it’s not Hafnium anymore!)

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange.

Some security researchers have demonstrated three high risk vulnerabilities for exchange server systems. Microsoft has published information about the vulnerability today and even has a patch for the problem already in place.

Even though we, as Boll Engineering AG, are not associated in any way with the affected product, a lot of our customer reported, that they have vulnerable systems in place and may be affected by this bug. We have been asked if IPS signatures and WAF patches are already implemented. Therefore we decided to post this blog to raise the awareness of this vulnerability once more, even after the broad press has already published a lot of releases regarding this matter.

This blog post regards the following CVE reports:

CVE-2021-28480
CVE-2021-28481
CVE-2021-28482
CVE-2021-28483

Protection in place?

We will inform you here, as soon as our vendors have protection for those vulnerabilities in place.

Last update: 05.05.2021 at 11:30

Fortinet

Protection is available (for FortiClient only at the moment)

https://www.fortiguard.com/encyclopedia/endpoint-vuln/67270

We have got the following statement from Fortinet regarding IPS signatures: “We are not able to develop IPS signatures for these vulnerabilities at this time, due to a lack of detailed information regarding them. We are currently monitoring the issue. Once more information becomes available to us we will develop signatures for them with priority.”

Since Palo Alto, WatchGuard and Kaspersky also have no protection in place at the moment, we suspect that they have the same problem developing signatures.

Leave a Reply

Your email address will not be published. Required fields are marked *