Coverage for March 2021 Microsoft Exchange Zero-Day Exploits and Associated Known Campaigns
Last Modified: 2024-02-05 11:54:57 Etc/GMT
Technical Articles ID:
KB94270
Environment
Endpoint Security (ENS) Threat Prevention 10.x
Trellix Intrusion Prevention System (Trellix IPS) 11.x, 10.x
Summary
We're aware of a security advisory released by Microsoft. The advisory describes how multiple zero-day exploits attributed to the HAFNIUM Threat Group are being used to attack on-premises versions of Microsoft Exchange Server. Related to this threat is the

We'll continue to monitor this threat and update this article as needed.
Solution
Microsoft released security updates on March 2, 2021, for Microsoft Exchange Server to address the vulnerabilities that have been exploited. See the Microsoft Security Response Center for details.

IMPORTANT:
Coverage for known malware variants is provided by the DAT content listed above or newer. We recommend scanning with current production DATs. We also recommend performing an on-demand scan (ODS) of Exchange servers after applying the Microsoft patch appropriate for the affected OS. A targeted ODS task can be configured to scan the following locations:
File types known to be added to these locations are as follows:
Exploit Prevention or HIPS coverage:
CVE-2021-26855 - Out of scope
CVE-2021-26857 - Expected to be covered by signature 6195
CVE-2021-26858 - Under analysis (additional information is needed)
CVE-2021-27065 - Under analysis (additional information is needed)

IPS: IPS Signature Set 10.8.19.2, released on March 09, 2021, includes coverage for the vulnerabilities.
NOTE: This article is viewable only by registered ServicePortal users.
Insights: Campaign can be found by searching for
EDR: A real-time search of selected