Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks [1]. The vulnerabilities are critical and could lead to remote code execution (RCE).
Attackers can send malicious cookies such as "X-AnonResource-Backend" and "X-BEResource" to trigger the attack. Airlock Gateway implements a cookie store and does not expose any application cookies to the client/attacker by default*. Attackers are therefore not able to tamper with cookies or send unknown cookies to the back-end.
Due to this, Airlock Gateway mitigates the risk of exploitation.
*The Airlock Gateway Exchange/OWA templates do not define the affected cookies as passthrough. If you have modified the templates, please check this setting in the basic tab of the corresponding Mappings.
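The following added example (not Airlock's own code or configuration format) is a simplified model of the cookie-store behaviour described above and of the passthrough check: it reports which passthrough entries would let the affected cookies reach the back-end. It assumes passthrough entries are case-insensitive regular expressions matched against the full cookie name; the function names, `gw_session`, `app_session` and the sample values are hypothetical.

```python
import re

# Cookie names the advisory identifies as attack triggers.
AFFECTED = ("X-AnonResource-Backend", "X-BEResource")

def parse_cookie_header(header):
    """Split a Cookie request header into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs.append((name.strip(), value.strip()))
    return pairs

def is_passthrough(name, patterns):
    # Assumption: each entry is a case-insensitive regex on the full cookie name.
    return any(re.fullmatch(p, name, re.IGNORECASE) for p in patterns)

def risky_patterns(patterns):
    """Return the passthrough entries that match an affected cookie name."""
    return [p for p in patterns if any(is_passthrough(n, [p]) for n in AFFECTED)]

def backend_cookies(client_header, stored, patterns):
    """Model of a cookie store: client-supplied cookies are dropped unless
    passthrough; cookies held server-side for the session are added."""
    out = dict(stored)
    for name, value in parse_cookie_header(client_header):
        if is_passthrough(name, patterns):
            out[name] = value
    return out

# Constructed sample data, not taken from a real deployment.
CLIENT = ("gw_session=abc123; X-BEResource=constructed-value; "
          "X-AnonResource-Backend=constructed-value; lang=en")
STORED = {"app_session": "constructed-session-cookie"}
DEFAULT = ["lang"]            # affected cookies are not passthrough
MODIFIED = ["lang", "X-.*"]   # a broad entry added to a modified template

if __name__ == "__main__":
    for label, patterns in (("default", DEFAULT), ("modified", MODIFIED)):
        print(label, "risky entries:", risky_patterns(patterns))
        print(label, "to back-end:", backend_cookies(CLIENT, STORED, patterns))
```
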
Microsoft provides patches [2]. We recommend updating any vulnerable Exchange system as soon as possible to fix the root causes of the vulnerabilities.