
Microsoft patches Exchange glitch exploited in the wild

A Microsoft sign is seen on March 13, 2020, in New York City. (Photo by Jeenah Moon/Getty Images)

Microsoft has patched a vulnerability in on-premises Exchange Server 2016 and 2019 that has seen "limited targeted attacks" in the wild. The fix is part of a wider set of updates for Exchange Server.

"We are aware of limited targeted attacks in the wild using one of [today's patched] vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment," the Redmond, Wash.-based company wrote in its blog.

On-premises Exchange server vulnerabilities became a major issue of concern early in 2021 when Microsoft identified the Chinese "Hafnium" espionage group taking advantage of a vulnerability. Microsoft was upfront about the espionage group when announcing that vulnerability, but at the time had only identified limited use in the wild. That soon ballooned when Hafnium made a last-ditch effort to drain all possible value from its exploit. There is no evidence of Hafnium involvement with the new vulnerability, and no evidence that patching the new vulnerability will accelerate attacks.

CVE-2021-42321 affects on-premises and hybrid Exchange clients, but not cloud clients.

In order to install the updates, clients must first be running Exchange Server 2016 CU21 or CU22, or Exchange Server 2019 CU10 or CU11.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
