9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
03/02/2021
Critical
Remote code execution vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit this vulnerability to execute arbitrary code.
This vulnerability can be exploited by the following malware:
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 18
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 7
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
CVE-2021-26412
CVE-2021-26855
CVE-2021-27078
CVE-2021-27065
CVE-2021-26854
CVE-2021-26857
CVE-2021-26858
ACE
CVE-2021-264129.1Critical
CVE-2021-268559.1Critical
CVE-2021-270789.1Critical
CVE-2021-270657.8Critical
CVE-2021-268546.6High
CVE-2021-268577.8Critical
CVE-2021-268587.8Critical
support.microsoft.com/kb/5000871
support.microsoft.com/kb/5000978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26854
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26855
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26858
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27078
nvd.nist.gov/vuln/detail/CVE-2021-26412
nvd.nist.gov/vuln/detail/CVE-2021-26854
nvd.nist.gov/vuln/detail/CVE-2021-26855
nvd.nist.gov/vuln/detail/CVE-2021-26857
nvd.nist.gov/vuln/detail/CVE-2021-26858
nvd.nist.gov/vuln/detail/CVE-2021-27065
nvd.nist.gov/vuln/detail/CVE-2021-27078
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Exchange-Server/
threats.kaspersky.com/en/threat/Exploit.Script.CVE-2021-26855/
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%