Multiple targeted attacks exploiting Microsoft Exchange Server Remote Code Execution Vulnerability were detected early March 2021 by the Microsoft Security Response Center (MSRC) that investigates all reports of security vulnerabilities affecting Microsoft products and services. These vulnerabilities, which only affect Exchange Servers installed on a local server, allow access to e-mail accounts and the installation of malicious software, among other things.
3 affected systems
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
7 security vulnerabilities detected:
- CVE-2021-26855 (CVSS Base Score: 9.1)
- CVE-2021-26857 (CVSS Base Score: 7.8)
- CVE-2021-26858 (CVSS Base Score: 7.8)
- CVE-2021-27065 (CVSS Base Score: 7.8)
- CVE-2021-26412 (CVSS Base Score: 9.1)
- CVE-2021-26854 (CVSS Base Score: 6.6)
- CVE-2021-27078 (CVSS Base Score: 9.1)
Among them, the one referred to as 'CVE-2021-26855', if combined with other vulnerabilities, can enable the complete takeover of Exchange servers as well as the theft of the contents of all mailboxes.
To counter this, exceptional security updates have been provided by Microsoft. These patches must be applied by all technical teams managing a Microsoft Exchange server within their institution :
- either automatically, if it has been activated on the servers,
- or in an autonomous way by manually downloading and installing the package corresponding to your case as proposed by Microsoft support.