
Security Advisory Vulnerability CVE-2021-26855

Datashield recommends patching any Microsoft Exchange servers in response to the recently released series of vulnerabilities, CVE-2021-26855 in particular, and the evidence that this vulnerability is being exploited in the wild. An unauthenticated attacker can compromise the server and gain access to the network. There is currently no mitigation other than patching the affected Exchange servers. Datashield has deployed some initial detections for this CVE, and is still evaluating and creating new detections as we gather more information.


Vulnerable Versions:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Datashield also recommends performing the following steps to determine whether any Exchange servers were compromised:

  • Analyzing Exchange HttpProxy logs
  • Analyzing Exchange log files
  • Analyzing Windows Application event logs
  • Checking for evidence of webshells
  • Checking for evidence of LSASS dumps

Further details for performing the steps outlined above are in the Microsoft blog (first link below). If you need any assistance or have any questions regarding searching for these IOCs, please reach out to the MSSDS and we will answer any questions that you have. If you utilize Defender for Endpoint or Azure Sentinel, there are also several queries your teams can run in those environments. Where we have access to any of the above logs or technologies, we are proactively scanning and hunting.
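As an added example (not Datashield's or Microsoft's code), the HttpProxy log check can be run offline over exported logs. It applies the indicator from Microsoft's published guidance for CVE-2021-26855: an empty AuthenticatedUser together with an AnchorMailbox matching `ServerInfo~*/*`. The sample log, its reduced column set and the function name are constructed for illustration.

```python
import csv
import fnmatch
import io

# Constructed sample in HttpProxy CSV layout, reduced to a few columns.
# Real logs carry many more columns; hosts and addresses are placeholders.
SAMPLE_LOG = """\
DateTime,UrlStem,AuthenticatedUser,AnchorMailbox,ClientIpAddress,HttpStatus
#Software: Microsoft Exchange Server
#Log-type: HttpProxy Logs
2021-03-03T10:00:01.000Z,/owa/,CONTOSO\\alice,Sid~S-1-5-21-0-0-0-1104,192.0.2.10,200
2021-03-03T10:00:05.000Z,/ecp/constructed.js,,ServerInfo~placeholder.example/constructed,198.51.100.7,200
2021-03-03T10:00:09.000Z,/ecp/,,,192.0.2.11,302
2021-03-03T10:00:12.000Z,/ews/exchange.asmx,CONTOSO\\bob,ServerInfo~internal.example/path,192.0.2.12,200
"""

# Microsoft's published indicator, lowercased for case-insensitive matching.
ANCHOR_PATTERN = "serverinfo~*/*"


def find_suspect_requests(log_text):
    """Return rows with an empty AuthenticatedUser and a ServerInfo~*/* AnchorMailbox."""
    # Assumption: the first line is the CSV header; '#'-prefixed lines are
    # log metadata and are dropped before parsing.
    lines = [ln for ln in io.StringIO(log_text) if not ln.startswith("#")]
    suspects = []
    for row in csv.DictReader(lines):
        user = (row.get("AuthenticatedUser") or "").strip()
        anchor = (row.get("AnchorMailbox") or "").strip()
        # Both conditions must hold; either one alone is not the indicator.
        if not user and fnmatch.fnmatchcase(anchor.lower(), ANCHOR_PATTERN):
            suspects.append(row)
    return suspects


if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit["DateTime"], hit["ClientIpAddress"], hit["UrlStem"], hit["AnchorMailbox"])
```

A hit is a lead for the remaining steps in the list (Exchange log files, Application event logs, webshell and LSASS dump checks), not proof of compromise on its own.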

 

Microsoft Advisory:

If you have any questions regarding this vulnerability, please contact us.


Datashield
Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.
