CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability
This is a post-authentication remote code execution vulnerability affecting on-premises Microsoft Exchange Server Exchange 2016 and 2019, including those used by customers in Exchange Hybrid mode. The flaw exists due to the improper validation of command-let (cmdlet) arguments.
To exploit this vulnerability, an attacker would need to be authenticated to a vulnerable Exchange Server.
EXPLOITED: This vulnerability was successfully exploited during the Tianfu Cup 2021 hacker contest.
Fix: Organizations that run Exchange Server on-premises should apply security updates in a timely manner to prevent future exploitation once proof-of-concept code becomes publicly available.
Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321;
https://www.crowdstrike.com/blog/patch-tuesday-analysis-november-2021/
CVE-2021-3711: OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow
OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt () function within implementation of the SM2 decryption. By sending specially crafted SM2 content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Fixed Version: OpenSSL 1.1.1j and 1.0.2za
Reference: https://securityaffairs.co/wordpress/121426/hacking/cve-2021-3711-openssl-flaws.html
CVE-2021-38666: Remote Desktop Client Remote Code Execution Vulnerability
RDP allows an attacker with control of a Remote Desktop Server to achieve RCE on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. It impacts both the traditional RDP client over the network and the local Hyper-V Manager “Enhanced Session Mode” since they both use the vulnerable mstscax.dll
Fix: As always, recommend patching as a first course of action.
Reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38666
