Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NMicrosoft Exchange Server
APPMicrosoft201320162019
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Exchange Server
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Required action (CISA)i
Apply updates per vendor instructions.
CISA descriptioni
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARE⏰CISA DEADLINE: 3 maja 2022
Tags
RCE
References
Related vulnerabilities
CVE-2024-21410CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Microsoft Exchange Server — privilege escalation z pominięciem uwierzytelnienia
CVE-2021-34523CRITICAL9.0⚠ KEVten sam produkt
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2021-34473CRITICAL9.1⚠ KEVten sam produkt
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-21709CRITICAL9.8ten sam produkt
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-21846CRITICAL9.0ten sam produkt
Microsoft Exchange Server Remote Code Execution Vulnerability