Microsoft Exchange Server Multiple Vulnerabilities

Last Update Date: 22 Mar 2021 Release Date: 3 Mar 2021 5914 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

Multiple vulnerabilities were identified in Microsoft Exchange Server, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and data manipulation on the targeted system.

 

Note:

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 are being exploited in the wild. It is reported that multiple hacking groups are actively exploiting the vulnerabilities to deploy ransomware.

 

[Updated 8-Mar-2021] Add new link to the "Related Links" Section.

[Updated 16-Mar-2021] Add mitigation tool to the "Solution" Section.

[Updated 22-Mar-2021] Escalate to Extremely High risk. Add information about ransomware exploiting the vulnerabilities.

Impact

  • Remote Code Execution
  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor.
  • Apply Microsoft Exchange On-Premises Mitigation Tool.

https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftRemote Code ExecutionSecurity Restriction BypassData ManipulationExploit In The Wild

Share with

Previous

Linux Kernel Multiple Vulnerabilities

19 Mar 2021 4402 Views

Next

F5 BIG-IP Denial of Service Vulnerability

23 Mar 2021 4781 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY