Patches Released for Actively Exploited Vulnerabilities in Microsoft Exchange and Microsoft Excel – CVE-2021-42321 & CVE-2021-42292

Share :

Background

On Tuesday, November 9, 2021, Microsoft released patches for two actively exploited vulnerabilities, CVE-2021-42321 in Microsoft Exchange, and CVE-2021-42292 in Microsoft Excel.

CVE ID

CVSS Score V3

CVSS Criticality

Type

Description

CVE-2021-42292

7.8

High

Bypass & Incorrect Authorization

Microsoft Excel Security Feature Bypass Vulnerability

CVE-2021-42321

8.8

High

Remote Code Execution

Microsoft Exchange Server Remote Code Execution

Analysis

CVE-2021- 42292

CVE-2021-42292 is a security bypass vulnerability in Microsoft Excel that could lead to local code execution via a specially crafted Excel file. Updates for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are currently not available.

CVE-2021- 42321

CVE-2021-42321 is a post-authentication remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019. This specifically affects on-premises Microsoft Exchange Server and Exchange servers deployed in a hybrid model. Exchange online customers are not vulnerable.

Solutions and Recommendations

Microsoft has reported limited exploitation of these two vulnerabilities and has not released technical details regarding how these vulnerabilities work or which threat actors or campaigns are exploiting them.

Microsoft has provided a PowerShell query in their blog here that can be run directly on Exchange 2016 and 2019 Servers to identify potential prior exploitation activity associated with CVE-2021-42321.

Microsoft has indicated in their advisory on the CVE-2021-42321 here  and on the CVE-2021-42292 here that specific versions are affected by this vulnerability.

Arctic Wolf recommends reviewing both advisories to determine if you are running any outdated versions of this software in your environment and patch as soon as possible.

References

Learn more about Arctic Wolf’s Managed Risk solution or request a demo today.

James Liolios

James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter