CVE-2021-26857: Microsoft Exchange Server Remote Code Execution Vulnerability

CVE ID

CVE-2021-26857

Vulnerability Name

Microsoft Exchange Server Remote Code Execution Vulnerability

• Project: Microsoft
• Product: Exchange Server

Date

• Date Added: 2021-11-03
• Due Date: 2021-04-16

Description

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26857

Related Security News

• Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers
• US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks
• Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
• Salt Typhoon hackers backdoor telcos with new GhostSpider malware
• AT&T, Verizon reportedly hacked to target US govt wiretapping platform

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List