
Common Vulnerabilities and Exposures

CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability

This is a post-authentication remote code execution vulnerability affecting on-premises Microsoft Exchange Server 2016 and 2019, including servers used by customers in Exchange Hybrid mode. The flaw exists due to improper validation of command-let (cmdlet) arguments.

To exploit this vulnerability, an attacker would need to be authenticated to a vulnerable Exchange Server.

EXPLOITED: This vulnerability was successfully exploited during the Tianfu Cup 2021 hacker contest.

Fix: Organizations that run Exchange Server on-premises should apply security updates in a timely manner to prevent future exploitation once proof-of-concept code becomes publicly available.

Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321

https://www.crowdstrike.com/blog/patch-tuesday-analysis-november-2021/

CVE-2021-3711: OpenSSL SM2 Decryption Buffer Overflow

OpenSSL is vulnerable to a buffer overflow caused by improper bounds checking in the EVP_PKEY_decrypt() function within the implementation of SM2 decryption. By sending specially crafted SM2 content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

Fixed Version: OpenSSL 1.1.1j and 1.0.2za

Reference: https://securityaffairs.co/wordpress/121426/hacking/cve-2021-3711-openssl-flaws.html

CVE-2021-38666: Remote Desktop Client Remote Code Execution Vulnerability

This vulnerability allows an attacker with control of a Remote Desktop Server to achieve RCE on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. It impacts both the traditional RDP client over the network and the local Hyper-V Manager “Enhanced Session Mode”, since they both use the vulnerable mstscax.dll.

Fix: As always, we recommend patching as a first course of action.

Reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38666
