Skip to the main content.

1 min read

Microsoft Exchange Server Vulnerability Scanner (CVE-2021-42321)

Featured Image

UPDATE 15.11.2021.

Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321). Please refer to their site for more details. 

IMPORTANT NOTICE!

We have released a FREE version of DRONE that scans the machine against indicators of the Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321).

Steps to use DRONE for scanning against CVE-2021-42321:

  1. Download DRONE 1.7.2 from here

  2. Run it with the command-line DRONE.exe -a vua -n

Note: If you have Chrome installed on the machine, you can also run DRONE in Tower mode in the browser by simply double-clicking the executable and enabling the Vulnerability scanner since we added the Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321) identifier to the Vulnerability Analyzer (See Image below). 

drone-microsoft-exchange-vulnerability

Optionally, you can enable all analyzers (auto-pilot mode) to have an automated compromise assessment in parallel.

Below you can see the DRONE scanning process

drone-microsoft-exchange-vulnerability

 

Original post


CVE-2021-42321 is an RCE vulnerability in Microsoft Exchange Server. The flaw exists due to the improper validation of command-let (cmdlet) arguments. To exploit this vulnerability, an attacker would need to be authenticated to a vulnerable Exchange Server. Microsoft says they are aware of “limited targeted attacks” using this vulnerability in the wild. Additionally, this appears to be the same vulnerability in Exchange Server that was exploited at the Tianfu Cup, a Chinese cybersecurity contest.

Dubai World Police Summit 2023: Collaborating for enhanced security and a balanced approach to human rights-based security

Dubai World Police Summit 2023: Collaborating for enhanced security and a balanced approach to human rights-based security

This month we had the privilege of attending the Dubai World Police Summit, in partnership with our distributor TRINEXIA, in the META region. This...

Read More
Designing AIR – A peak behind the curtain of UI/UX design at Binalyze

Designing AIR – A peak behind the curtain of UI/UX design at Binalyze

As a Sr. Product Designer within the Product team here at Binalyze, I believe that the best design solutions and product improvements come from...

Read More
Binalyze expands distribution partnerships in India with TRINEXIA

Binalyze expands distribution partnerships in India with TRINEXIA

Binalyze is excited to announce further expansion into the Indian market, thanks to a newly agreed distribution partnership with TRINEXIA . The goal...

Read More