CISAgov Recommends Immediate Update of Microsoft Exchange

March 5, 2021

Post by Robert Hansen

The Cybersecurity and Infrastructure Security Agency (CISA) recommends that all companies update any self-hosted Exchange servers in their environment. The advice came out March 3rd and lists a number of CVEs associated with the issue. Here is the official statement.

Here are the CVEs in question:

  • CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
  • And possibly CVE-2021-26412, CVE-2021-26854, and CVE-2021-27078; they are related and so likely in scope.

As not much is known about these issues, the general guidance is to find and patch all potentially affected systems.

With Bit Discovery, it is very easy to find these assets. Simply go to the filters and look for services that contain “Microsoft Exchange”. If you want to go further and remove anything that is Microsoft hosted, just remove ASNs that contain “MICROSOFT” and you will be left with self-hosted servers. Given the nature and criticality of this issue, please let us know if you need an account, and we would be happy to get you set up free of charge to test the service and find these assets.