Microsoft Releases Out-of-Band Security Updates for Exchange Server

2021-03-02T00:00:00
ID CISA:16DE226AFC5A22020B20927D63742D98
Type cisa
Reporter CISA
Modified 2021-03-02T00:00:00

Description

Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.

CISA encourages users and administrators to review the Microsoft blog post and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.