Skip to main content

Microsoft Exchange Server Multiple Vulnerabilities

Last Update Date: 22 Mar 2021 Release Date: 3 Mar 2021 5890 Views

RISK: Extremely High Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

Multiple vulnerabilities were identified in Microsoft Exchange Server, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and data manipulation on the targeted system.



CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 are being exploited in the wild. It is reported that multiple hacking groups are actively exploiting the vulnerabilities to deploy ransomware.


[Updated 8-Mar-2021] Add new link to the "Related Links" Section.

[Updated 16-Mar-2021] Add mitigation tool to the "Solution" Section.

[Updated 22-Mar-2021] Escalate to Extremely High risk. Add information about ransomware exploiting the vulnerabilities.


  • Remote Code Execution
  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019


Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor.
  • Apply Microsoft Exchange On-Premises Mitigation Tool.

Vulnerability Identifier


Related Link