[READ ALL FOR IOCs]
Cloudflare recaps this really well in a post and they also had some rules early on to protect their customers: https://blog.cloudflare.com/protectin... Takeaway? Keep your ports internal, behind a VPN, or use a proper gateway/proxy like Cloudflare.
IOC // http-vuln-cve2021-26855.nse
https://github.com/microsoft/CSS-Exch...
You should for sure patch ASAP if you're not already, but hereth be ye a couple mitigation techniques from Microsoft: https://msrc-blog.microsoft.com/2021/...
Splunk Resources:
[1] https://www.splunk.com/en_us/blog/sec...
[2] Literally just search for "X-AnonResource-Backend" and/or "X-BEResource" in your WAF (web application firewall) logs if you can.
Otherwise consider using the MSERT tool to scan ALL your Microsoft Exchange environments.
64-bit: https://go.microsoft.com/fwlink/?Link...
32-bit: https://go.microsoft.com/fwlink/?Link...
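The search from [2] above as a small script, added here as an example and not taken from any of the linked resources. The log layout (client IP as the first field) and every sample line are constructed assumptions; change the field split to match what your WAF actually writes.

```python
import re
from collections import defaultdict

# The two strings the post says to search for.
INDICATORS = ("X-AnonResource-Backend", "X-BEResource")
PATTERN = re.compile("|".join(re.escape(i) for i in INDICATORS), re.IGNORECASE)
CANONICAL = {i.lower(): i for i in INDICATORS}

# Constructed sample lines, not real traffic. Assumed layout: client IP,
# timestamp, request, status, then the logged request headers in quotes.
SAMPLE_LOG = """\
198.51.100.7 [03/Mar/2021:10:02:11 +0000] "POST /example/a HTTP/1.1" 200 "X-BEResource=CONSTRUCTED-VALUE"
203.0.113.20 [03/Mar/2021:10:02:15 +0000] "GET /owa/ HTTP/1.1" 200 "session=CONSTRUCTED"
198.51.100.7 [03/Mar/2021:10:03:40 +0000] "GET /example/b HTTP/1.1" 200 "x-anonresource-backend=CONSTRUCTED-VALUE"
192.0.2.55 [03/Mar/2021:10:05:02 +0000] "GET /owa/ HTTP/1.1" 200 "-"
"""


def find_hits(lines):
    """Group matching log lines by client.

    Returns {client: {"count": int, "indicators": set, "lines": [line numbers]}}.
    Matching is case-insensitive because proxies and WAFs often rewrite
    header and cookie name casing before logging.
    """
    hits = defaultdict(lambda: {"count": 0, "indicators": set(), "lines": []})
    for lineno, line in enumerate(lines, start=1):
        found = {CANONICAL[m.lower()] for m in PATTERN.findall(line)}
        if not found:
            continue
        client = line.split(maxsplit=1)[0]  # assumption: client IP is field 1
        entry = hits[client]
        entry["count"] += 1
        entry["indicators"] |= found
        entry["lines"].append(lineno)
    return dict(hits)


if __name__ == "__main__":
    for client, info in find_hits(SAMPLE_LOG.splitlines()).items():
        print(client, info["count"], sorted(info["indicators"]), info["lines"])
```

Any client that shows up in the output is a lead for the MSERT scan and a closer look at that Exchange server, not proof of compromise on its own.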
Good luck, stay safe. Leave me a comment if you need/want help. Volunteering in free time to reduce impact to SMBs/nonprofits.