Cary, N.C. – March 3, 2021 – Last week, VMware announced that the vCenter Server team had investigated CVE-2021-21972 and CVE-2021-21973 and determined that there is a security exploit which can be removed by performing the workaround steps detailed in the KB article below. The workaround is meant to be a temporary solution until updates can be deployed. A list of impacted and fixed vCenter Server versions can be found in the article.
Security exploit for VMware vCenter Server Workaround Instructions for CVE-2021-21972 and CVE-2021-21973 (82374)
On March 2nd, Microsoft had detected multiple zero-day exploits being used to attack on-premises and hybrid O365 Microsoft Exchange environments. Please see the blog post by Microsoft and emergency patches below.
MS Exchange Vulnerability affecting both On-Prem and Hybrid Office 365 Environments
Description blog: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Emergency Patches: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
Microsoft has released patches for the following servers:
- Exchange Server 2010 (for Service Pack 3 – this is a Defense in Depth update)
- Exchange Server 2013 (CU 23)
- Exchange Server 2016 (CU 19, CU 18)
- Exchange Server 2019 (CU 8, CU 7)
Exchange 2010 is beyond the support cycle, but they have patched it anyway.
The 5S team is on standby and ready to help anyone that needs it to address either of these security vulnerabilities. Please reach out to firstname.lastname@example.org or call 919-364-9400 if you need assistance.