25th May 2022

Microsoft Exchange Server Remote Code Execution Vulnerability – CVE-2021-34473

A critical security vulnerability with a CVSS 3.1 Score of 9.8 has been published in Microsoft Exchange Server that will cause remote code execution. This vulnerability allows code execution with the Exchange Server application pool and Exchange Server server farm accounts. This vulnerability applies to the versions listed below. Although no exploit has been detected regarding the published vulnerability, it is recommended to download and install the published patches via the relevant links in order not to damage the systems due to the criticality of the vulnerability.

Microsoft Exchange Server
Microsoft Exchange Server

 

Affected Systems

It has been stated that the following systems are affected.

  • Microsoft Exchange Server 2019 Cumulative Update 9
  • Microsoft Exchange Server 2016 Cumulative Update 23
  • Microsoft Exchange Server 2013 Cumulative Update 8
  • Microsoft Exchange Server 2016 Cumulative Update 19
  • Microsoft Exchange Server 2019 Cumulative Update 20
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability

 

Solution and CVE / CWE

It is recommended to install the updates listed in the table below.

CVE/CWE: CVE-2021-34473

Product Article Security Patch
Microsoft Exchange Server 2019 Cumulative Update 9 5001779 Security Update
Microsoft Exchange Server 2013 Cumulative Update 23 5001779 Security Update
Microsoft Exchange Server 2019 Cumulative Update 8 5001779 Security Update
Microsoft Exchange Server 2016 Cumulative Update 19 5001779 Security Update
Microsoft Exchange Server 2016 Cumulative Update 20 5001779 Security Update

Note: Those with a CVSS 3.1 score (out of 10) 7.0-8.9 are considered “high”, those with 9.0-10.0 are considered “critical” vulnerabilities.

Reference:

 

LEARN MORE  What is BEC? Using Google Services for BEC Attacks

Leave a Reply

Your email address will not be published. Required fields are marked *