DearCry

Microsoft Security Intelligence has released a tweet on DearCry ransomware being used to exploit compromised on-premises Exchange Servers. | Microsoft has released out-of-band security updates to address four vulnerabilities in Exchange Server: CVE-2021-26855 allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange Server. The vulnerability exploits the Exchange Control Panel (ECP) via a Server-Side Request Forgery (SSRF).

Microsoft Security Intelligence has released a tweet on DearCry ransomware being used to exploit compromised on-premises Exchange Servers. | CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 allow for remote code execution. CVE-2021-26858 and CVE-2021-27065 are similar post-authentication arbitrary write file vulnerabilities in Exchange. An attacker, authenticated either by using CVE-2021-26855 or via stolen admin credentials, could write a file to any path on the server.

CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 allow for remote code execution. CVE-2021-26858 and CVE-2021-27065 are similar post-authentication arbitrary write file vulnerabilities in Exchange. An attacker, authenticated either by using CVE-2021-26855 or via stolen admin credentials, could write a file to any path on the server. | Microsoft Security Intelligence has released a tweet on DearCry ransomware being used to exploit compromised on-premises Exchange Servers.

Microsoft Security Intelligence has released a tweet on DearCry ransomware being used to exploit compromised on-premises Exchange Servers. | CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 allow for remote code execution... CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. An attacker, authenticated either by using CVE-2021-26855 or via stolen admin credentials, could execute arbitrary code as SYSTEM on the Exchange Server.