Microsoft Exchange Server Remote Code Execution Vulnerability

A critical Microsoft Exchange Server remote code execution vulnerability with a CVSS 3.1 score of 9.8 has been disclosed.

Microsoft Exchange Server Remote Code Execution Vulnerability-34473

An attacker who successfully exploits this vulnerability can run arbitrary code in the context of the system user. Exploitation requires that an authenticated user in a certain Exchange role be compromised. Although no exploit for this vulnerability has been discovered, its severity makes it highly recommended to download the patches listed below to protect systems and assets.

Affected Systems

The following servers/systems are affected by this vulnerability:

  • Microsoft Exchange Server 2019 Cumulative Update 9
  • Microsoft Exchange Server 2016 Cumulative Update 23
  • Microsoft Exchange Server 2013 Cumulative Update 8
  • Microsoft Exchange Server 2016 Cumulative Update 19
  • Microsoft Exchange Server 2019 Cumulative Update 20

IoCs

-

Recommended Solution(s)

Organizations using the following products are advised to download the patches listed in the table below.

Product                                               Article   Patch
Microsoft Exchange Server 2019 Cumulative Update 9    5001779   Security Update
Microsoft Exchange Server 2013 Cumulative Update 23   5001779   Security Update
Microsoft Exchange Server 2019 Cumulative Update 8    5001779   Security Update
Microsoft Exchange Server 2016 Cumulative Update 19   5001779   Security Update
Microsoft Exchange Server 2016 Cumulative Update 20   5001779   Security Update

CVE / CWE

CVE-2021-34473

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.