On Tuesday, November 9, 2021, Microsoft released patches for two actively exploited vulnerabilities: CVE-2021-42321 in Microsoft Exchange and CVE-2021-42292 in Microsoft Excel.
CVSS Score V3
Bypass & Incorrect Authorization
Microsoft Excel Security Feature Bypass Vulnerability
Remote Code Execution
Microsoft Exchange Server Remote Code Execution
CVE-2021-42292 is a security bypass vulnerability in Microsoft Excel that could lead to local code execution via a specially crafted Excel file. Updates for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are currently not available.
CVE-2021-42321 is a post-authentication remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019. It specifically affects on-premises Microsoft Exchange Server and Exchange servers deployed in a hybrid model. Exchange Online customers are not vulnerable.
Solutions and Recommendations
Microsoft has reported limited exploitation of these two vulnerabilities and has not released technical details regarding how these vulnerabilities work or which threat actors or campaigns are exploiting them.
In its blog post, Microsoft has provided a PowerShell query that can be run directly on Exchange 2016 and 2019 servers to identify potential prior exploitation activity associated with CVE-2021-42321.
Arctic Wolf recommends reviewing both advisories to determine whether you are running any outdated versions of this software in your environment, and patching as soon as possible.
- Microsoft CVE-2021-42321 Advisory
- Microsoft CVE-2021-42292 Advisory
- November 9, 2021, Security Updates for Microsoft Exchange
- Microsoft Blog on Exchange Security Updates