CNCS - Alert Detail

23 Nov 2021

Vulnerablity Alert - Microsoft Exchange Server

TYPE

Vulnerabilities

SYSTEMS AFFECTED

Microsoft Exchange Server 2016; Microsoft Exchange Server 2019

ECOSYSTEM

Microsoft, Windows

Descrição

Microsoft has published a security update for a Remote Code Execution vulnerability (CVE-2021-42321) associated with problems with the validation of command-let arguments (cmdlet). This vulnerability affects Microsoft Exchange Server 2016 and 2019. Users who use Exchange Hybrid mode are also affected.
This vulnerability is being actively exploited.

Impacto

If this vulnerability is successfully exploited, it allows an authenticated attacker to run remote code.

Resolução

Users are recommended to update "on-premises" systems to the following versions:[1]
- Exchange Server 2016 (Cumulative Update 22, Cumulative Update 21)
- Exchange Server 2019 (Cumulative Update 11, Cumulative Update 10)

Referências

[1] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321

[2] https://www.bleepingcomputer.com/news/security/exploit-released-for-microsoft-exchange-rce-bug-patch-now/

Citizen

Public Administration

Organizations

IT Professionals

Vulnerablity Alert - Microsoft Exchange Server

Vulnerablity Alert - Microsoft Exchange Server