Security Advisory - M365 Security Plus versions 4420 and below

Hello everybody!

We have fixed an authentication bypass vulnerability (CVE-2021-42099), reported by moon, that leads to arbitrary file upload and remote code execution. This article provides more information on the issue and how to resolve it.

What is the issue?
  • Authentication bypass leading to arbitrary file upload and remote code execution (CVE-2021-42099).
What is the severity of this issue?
  • This is a critical issue.
Which versions of M365 Security Plus are affected?
  • M365 Security Plus builds up to 4421 are affected.
How does it impact M365 Security Plus customers?
  • The authentication bypass vulnerability allows an attacker to upload an arbitrary file and execute it on the product server. So far, no customers have been affected by this issue.
What should I do if my installation is affected?
  • Update M365 Security Plus to the latest build, 4425, using the service pack.
If you need further information, have any questions, or face any difficulties updating M365 Security Plus, please get in touch with us at support@m365securityplus.com, or +1-408-916-9836 (toll free).