Intrusion PreventionMS.Exchange.Server.Common.Access.Token.Privilege.Elevation
Description
This indicates an attack attempt to exploit a Privilege Elevation in Microsoft Exchange Server.
The vulnerability is due to insufficient sanitization when handling a malicious request. A remote attacker may be able to exploit this to disclose data and ultimately execute arbitrary code within the context of the application, via a crafted HTTP request.
Outbreak Alert
The Hive ransomware gang has received up to $100+ million in ransom payments from more than 1,300 victims according to a joint advisory released by the FBI, the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.
Affected Products
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2016 Cumulative Update 20
Microsoft Exchange Server 2019 Cumulative Update 9
Microsoft Exchange Server 2013 Cumulative Update 23
Impact
Privilege Escalation: Remote attackers can leverage their privileges on vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| ID | 50695 |
| Created | Aug 17, 2021 |
| Updated | Oct 27, 2021 |
| CVE ID | |
| Tags | Hive Ransomware 2022 Annual Report |
| Risk |
|
| Known Exploited | Yes |
| Exploit Prediction Score | 94.0% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | MS_Exchange |
| Profile Type | Permission/Privilege/Access Control |