The Australian Cyber Security Centre (ACSC) advises organisations using Microsoft Exchange to urgently patch the following Common Vulnerabilities and Exposures (CVEs):
- CVE-2021-26855 - server-side request forgery (SSRF) vulnerability in Exchange.
- CVE-2021-26857 - insecure deserialization vulnerability in the Unified Messaging service.
- CVE-2021-26858 - post-authentication arbitrary file write vulnerability in Exchange.
- CVE-2021-27065 - post-authentication arbitrary file write vulnerability in Exchange.
If successfully exploited, these CVEs would allow an unauthenticated attacker to write files and execute code with elevated privileges on the underlying Microsoft Windows operating system.
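As an added example (not part of the ACSC alert), the following PowerShell inventories the Exchange servers in an organisation and flags any whose build is below the fixed build for its Cumulative Update, which is the check an administrator runs to confirm that the four CVEs above are actually patched. The build baseline is a labelled placeholder: the fixed build numbers come from Microsoft's release notes for the security update and are not stated on this page. `Get-ExchangeServer`, `AdminDisplayVersion` and the `ExSetup.exe` file-version technique are standard Exchange tooling; the function and variable names are this example's own.

```powershell
# Added example, not code from the ACSC alert. Run from the Exchange Management Shell.
# Compares each server's security-update build against a per-CU minimum patched build.

# PLACEHOLDER baseline: key is "Major.Minor.Build" (identifies the CU), value is the
# minimum Revision that carries the fix. Fill this from Microsoft's security update notes
# for CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.
$minimumPatchedRevision = @{
    'PLACEHOLDER_CU_KEY' = 0   # e.g. '15.2.<build>' = <revision>
}

function Test-ExchangePatchLevel {
    param(
        [Parameter(Mandatory)] [string]  $Name,
        [Parameter(Mandatory)] [version] $Build,      # full build, e.g. 15.2.<build>.<revision>
        [hashtable] $Baseline = $minimumPatchedRevision
    )
    # The first three components identify the CU; the fourth (Revision) identifies the SU.
    $cuKey = '{0}.{1}.{2}' -f $Build.Major, $Build.Minor, $Build.Build
    if (-not $Baseline.ContainsKey($cuKey)) {
        # A CU that is not in the baseline is either unsupported or not yet assessed;
        # treat it as needing manual review rather than silently passing it.
        return [pscustomobject]@{ Server = $Name; Build = $Build; Status = 'UNKNOWN CU - verify manually' }
    }
    $status = if ($Build.Revision -ge $Baseline[$cuKey]) { 'PATCHED' } else { 'VULNERABLE - patch urgently' }
    [pscustomobject]@{ Server = $Name; Build = $Build; Status = $status }
}

Get-ExchangeServer | ForEach-Object {
    $server = $_.Name
    # AdminDisplayVersion only reflects the CU; the security update revision is visible
    # on ExSetup.exe, so read the file version from each server and fall back if unreachable.
    $fileVersion = Invoke-Command -ComputerName $server -ErrorAction SilentlyContinue -ScriptBlock {
        (Get-Command 'ExSetup.exe' -ErrorAction SilentlyContinue).FileVersionInfo.FileVersion
    }
    if (-not $fileVersion) {
        $v = $_.AdminDisplayVersion
        $fileVersion = '{0}.{1}.{2}.{3}' -f $v.Major, $v.Minor, $v.Build, $v.Revision
        Write-Warning "$server: could not read ExSetup.exe version; using AdminDisplayVersion (CU level only)"
    }
    Test-ExchangePatchLevel -Name $server -Build ([version]$fileVersion)
} | Format-Table -AutoSize
```

Servers reported as VULNERABLE or UNKNOWN CU should be patched or reviewed first; the fallback path is deliberately noisy because a CU-level version cannot prove that the security update is installed.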
A large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. We encourage these organisations to do so urgently.
We have identified extensive targeting, and confirmed compromises, of Australian organisations with vulnerable Microsoft Exchange deployments.
We are monitoring the situation and are able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact us via 1300 CYBER1.
For more information and mitigations, read this alert on our website.
Are you a victim of cybercrime? Visit ReportCyber to take your next steps.