Attackers obtained access to email accounts and escalated from there.
A total of four vulnerabilities were uncovered:
- CVE-2021-26855: a server-side request forgery (SSRF) vulnerability that permits the attacker to query the server with a specially crafted request, leading to remote code execution.
- CVE-2021-26857: caused by unsafe data deserialization inside the Unified Messaging service.
- CVE-2021-26858: allows an authorized Exchange user to overwrite any existing file inside the system with any other data.
- CVE-2021-27065: similar to CVE-2021-26858, allowing the attacker to overwrite any system file on the Exchange server.
To learn more, visit https://securelist.com/zero-day-vulnerabilities-in-microsoft-exchange-server/101096/