Microsoft has advised admins to patch with immediate effect a high severity Exchange Server Vulnerability tracked as CVE-2021-42321 caused by improper validation of cmdlet arguments and capable of allowing attacked to execute code remotely on Vulnerable servers including Exchange Server 2016 and Exchange Server 2019. Microsoft update noted, “We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment.”
Users interested in getting a quick inventory of all Exchange servers in their environment lagging in terms of updates are advised to use the latest version of the Exchange Server Health Checker script. Those interested in verifying if any of their Exchange servers were hit by CVE-2021-42321 exploitation attempts are advised to a detailed PowerShell query in each Exchange server.
For more information, read the original story in Bleeping Computer