CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-31206 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-34523 Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-31207 Microsoft Exchange Server Remote Code Execution Vulnerability
We recommend that anyone running Microsoft Exchange on-premises with OWA services enabled:
- Confirm the server is fully patched and updated to the most recent release from Microsoft. Note that the patch will not remediate an already compromised Exchange server.
- Review the Exchange server(s) for the presence of any unexpected “.aspx” or “.aspx.req” files. These could be web shells. They will run under the SYSTEM context and grant the attacker full root access to the Exchange server.
- Review the server for the presence of any of the hashes noted in the most recent CISA alert (https://us-cert.cisa.gov/ncas/alerts/aa21-321a).
- Review your environment for any newly created accounts. The attackers have been observed creating accounts as part of the attack chain.
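The file, hash and account reviews above can be scripted for a first triage pass. The following PowerShell is an added example, not part of the original advisory. The search roots, the 90-day window, the hash-list file name and the hash algorithm are assumptions to adjust for your environment.

```powershell
# Added triage example. Defaults below are assumptions, not values from the advisory.
param(
    # Assumed default locations: IIS web root and the Exchange install directory.
    [string[]]$Roots = @('C:\inetpub\wwwroot', $env:ExchangeInstallPath),
    # Report only files and accounts newer than this date (constructed default).
    [datetime]$Since = (Get-Date).AddDays(-90),
    # One hex hash per line, copied by you from the CISA alert (hypothetical file name).
    [string]$HashList = '.\cisa-aa21-321a-hashes.txt',
    # Must match the hash type in the list (assumed SHA256).
    [string]$Algorithm = 'SHA256'
)

# Load the indicator hashes into a lookup table, ignoring blank or malformed lines.
$knownBad = @{}
if (Test-Path -LiteralPath $HashList) {
    Get-Content -LiteralPath $HashList |
        ForEach-Object { $_.Trim().ToUpperInvariant() } |
        Where-Object { $_ -match '^[0-9A-F]{32,128}$' } |
        ForEach-Object { $knownBad[$_] = $true }
}

# 1. .aspx / .aspx.req files created or written since the cutoff, with hash comparison.
$files = foreach ($root in $Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) }) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '\.aspx(\.req)?$' -and
                       ($_.CreationTime -ge $Since -or $_.LastWriteTime -ge $Since) } |
        ForEach-Object {
            $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm $Algorithm `
                    -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{
                Path         = $_.FullName
                Created      = $_.CreationTime
                Modified     = $_.LastWriteTime
                Hash         = $h
                KnownBadHash = [bool]($h -and $knownBad.ContainsKey($h))
            }
        }
}
$files | Sort-Object Created | Format-List

# 2. Domain accounts created since the cutoff (requires the ActiveDirectory module).
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    Get-ADUser -Filter { whenCreated -ge $Since } -Properties whenCreated |
        Sort-Object whenCreated |
        Select-Object SamAccountName, Enabled, whenCreated, DistinguishedName
} else {
    Write-Warning 'ActiveDirectory module not found; run the account review from a DC or RSAT host.'
}
```

File timestamps can be altered after the fact, so a file outside the window is not proof of a clean server; widen `-Since` or drop the date filter when in doubt.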
If you identify any indicators of compromise and need further assistance, please reach out at .
We will continue to release updates as the situation progresses and we learn more.
