ACHTUNG - Kritische Sicherheitslücke in Exchange - sofortiges Update erforderlich

Bernhard Schmidt Bernhard.Schmidt at lrz.de
Mi Mär 3 10:14:59 CET 2021


Sehr geehrte Damen und Herren,

es gibt eine extrem kritische Sicherheitslücke in Microsoft Exchange 
(aktiv ausgenutzte Sicherheitslücke mit unauthentifizierter Remote Code 
Exection). Im Anhang die Information von Microsoft. Die LRZ-Installation 
wird gerade aktualisiert. Bitte leiten Sie diese Information an alle 
Betreiber lokaler Exchange-Installationen an Ihren Einrichtungen weiter.

---

Today, Microsoft released patches for multiple different on-premises 
Microsoft Exchange Server zero-day vulnerabilities that are being 
exploited by a nation-state affiliated group.  The vulnerabilities exist 
in on-premises Exchange Servers 2010, 2013, 2016, and 2019.

Your Microsoft Customer Success Account Manager and Technical Support 
Teams will be engaging with your technical teams to assist in addressing 
this issue.  We wanted to ensure you were aware of the situation and 
would ask that you help drive immediate remediation steps.

For on-premises Exchange Servers, we ask that you direct your teams to 
/start immediate action/ to assess your Exchange infrastructure and 
patch vulnerable servers, with the first priority being servers which 
are accessible from the Internet (/e.g/., servers publishing Outlook on 
the web/OWA and ECP).  To patch these vulnerabilities, you should move 
to the latest Exchange Cumulative Updates and then install the relevant 
security updates on each Exchange Server. You can use the Exchange 
Server Health Checker script, which can be downloaded from GitHub 
<https://aka.ms/ExchangeHealthChecker> (use the latest release). Running 
this script will tell you if you are behind on your on-premises 
Exchange Server updates (note that the script does not support Exchange 
Server 2010).

We also recommend that your security team assess whether or not the 
vulnerabilities were being exploited by using the Indicators of 
Compromise we shared here -

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ 
<https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/>

We are committed to working with you through this issue.  Your Microsoft 
account and support teams have been fully mobilized.  Please let me know 
if you need additional help.

*_Information to assist you and your teams: _**__*

**

March 2, 2021 Security Update Release - Release Notes - Security Update 
Guide - Microsoft 
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2FreleaseNote%2F2021-Mar&data=04%7C01%7Cjotrull%40microsoft.com%7C446db1dfedf248efd2cd08d8dda7a0dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503059312381885%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9adPKHyvETmjOgeaMtFEbDR%2FFicOrvDb%2B7ubwGwHOZY%3D&reserved=0>

CVE-2021-26412 
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2021-26412&data=04%7C01%7Cjotrull%40microsoft.com%7C446db1dfedf248efd2cd08d8dda7a0dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503059312381885%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=HHyJP5liONu4zjlO85E4TmB4%2FH%2BqCkYjALwMasrgAOE%3D&reserved=0>

CVE-2021-26854 
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2021-26854&data=04%7C01%7Cjotrull%40microsoft.com%7C446db1dfedf248efd2cd08d8dda7a0dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503059312391884%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=i9HiB3eLC4YduLF0hTBRmxSekL5ltOYZzeE7F%2FgJQd0%3D&reserved=0>

CVE-2021-26855 
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2021-26855&data=04%7C01%7Cjotrull%40microsoft.com%7C446db1dfedf248efd2cd08d8dda7a0dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503059312401883%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4%2Fi8DY%2FciqfLNfqKFmFqDNEBR63dFHbPaaDRVZtHPwQ%3D&reserved=0>

CVE-2021-26857 
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2021-26857&data=04%7C01%7Cjotrull%40microsoft.com%7C446db1dfedf248efd2cd08d8dda7a0dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503059312411875%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Rd6yMpvPOv2WAIZwu9oPZLn7BqeaH6gpVwXpm%2BCn0HQ%3D&reserved=0>

CVE-2021-26858 
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2021-26858&data=04%7C01%7Cjotrull%40microsoft.com%7C446db1dfedf248efd2cd08d8dda7a0dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503059312411875%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Yipfg9y0Jzul%2FMBi5jdv%2BRS5nWZ2nq6JQS%2FJGE2O0eo%3D&reserved=0>

CVE-2021-27065 
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2021-27065&data=04%7C01%7Cjotrull%40microsoft.com%7C446db1dfedf248efd2cd08d8dda7a0dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503059312421867%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=EkDJe5HHGRsvI9l5Tt8nnSL%2B1nLiGiNzGncnr8GsiIk%3D&reserved=0>

CVE-2021-27078 
<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc.microsoft.com%2Fupdate-guide%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2021-27078&data=04%7C01%7Cjotrull%40microsoft.com%7C446db1dfedf248efd2cd08d8dda7a0dd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637503059312431867%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BHFjax80mUrtnxVWf70kIQp9URoAyidopFVg5pxrV3w%3D&reserved=0>

Exchange Team Blog Post - Article Not Found - Microsoft Tech Community 
<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901>

Microsoft Security Response Center release - Article Not Found - 
Microsoft Tech Community 
<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901>

CSS Support: https://support.microsoft.com/ <https://support.microsoft.com/>

---

-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <http://lists.lrz.de/pipermail/aktuell/attachments/20210303/3a41a1d1/attachment.htm>


Mehr Informationen über die Mailingliste aktuell