Endpoint VulnerabilityMicrosoft Exchange Server CVE-2021-26855 Remote Code Execution Vulnerability
Description
Remote code execution vulnerability in Microsoft Exchange Server (2013-2019) allows attackers to exploit untrusted connections on port 443, enabling remote code execution; active attacks detected, patches available but customers should update to the latest cumulative updates.
Outbreak Alert
Firstly, if you are running an un-patched on-premise Microsoft Exchange version, you should upgrade immediately! This is a critical vulnerability that allows an attacker to access a desired user’s mailbox, requiring only the e-mail address of the user they wish to target! These details and more were disclosed by Volexity here. https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/ The vulnerabilities affect Exchange Server 2013, 2016 and 2019. Exchange Online is not affected.
View the full Outbreak Alert Report
A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across Europe and other regions. The threat actor employs a combination of highly tailored spear-phishing, credential theft from third-party services, and the abuse of virtual desktop infrastructure such as Citrix, VMware, and Azure VDI to gain initial access and move laterally within target networks.
View the full Outbreak Alert Report
Joint Cybersecurity Advisory (CSA) has released the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by Peoples Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). Previously, FortiGuard labs has already published various Outbreaks Alerts included in the released CISA's advisory such as: Apache Log4j, Hikvision Webserver Vulnerability, Atlassian Confluence OGNL RCE Vulnerability, Microsoft Exchange Server RCE Vulnerabilities etc. See the full list at: https://www.fortiguard.com/outbreak-alert Links to dedicated reports on each published outbreak by FortiGuard Labs are added to Additional Resources section below.
Affected Applications
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2022-12-21 | 1.00365 |
Modified
|
Microsoft Exchange Server 2016 Cumulative Update 19,Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange Server 2019 Cumulative Update 8,Microsoft Exchange Server 2019 Cumulative Update 7,Microsoft Exchange Server 2016 Cumulative Update 18 |
| 2022-12-14 | 1.00363 |
Modified
|
Microsoft Exchange Server 2016 Cumulative Update 9,Microsoft Exchange Server 2016 Cumulative Update 8,Microsoft Exchange Server 2019 Cumulative Update 4,Microsoft Exchange Server 2016 Cumulative Update 11,Microsoft Exchange Server 2016 Cumulative Update 10,Microsoft Exchange Server 2016 Cumulative Update 13,Microsoft Exchange Server 2016 Cumulative Update 12,Microsoft Exchange Server 2016 Cumulative Update 15,Microsoft Exchange Server 2016 Cumulative Update 14,Microsoft Exchange Server 2016 Cumulative Update 17,Microsoft Exchange Server 2016 Cumulative Update 16,Microsoft Exchange Server 2016 Cumulative Update 19,Microsoft Exchange Server 2016 Cumulative Update 18,Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange Server 2013 Cumulative Update 22,Microsoft Exchange Server 2013 Cumulative Update 21,Microsoft Exchange Server 2019 Cumulative Update 8,Microsoft Exchange Server 2019 Cumulative Update 2,Microsoft Exchange Server 2019 Cumulative Update 3,Microsoft Exchange Server 2019 Cumulative Update 1,Microsoft Exchange Server 2019 Cumulative Update 6,Microsoft Exchange Server 2019 Cumulative Update 7,Microsoft Exchange Server 2019,Microsoft Exchange Server 2019 Cumulative Update 5 |
| 2021-03-08 | 1.00234 |
New
|
Microsoft Exchange Server 2016 Cumulative Update 19,Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange Server 2019 Cumulative Update 8,Microsoft Exchange Server 2019 Cumulative Update 7,Microsoft Exchange Server 2016 Cumulative Update 18 |
| ID | 66853 |
| Created | Mar 07, 2021 |
| Description Updated |
Jan 10, 2026 |
| CVE ID | |
| Tags | Microsoft Exchange UNC1549 Espionage Attack CISAtop20_PRC2022 Threat Signal |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Microsoft Exchange Server 2016 Cumulative Update 19 , Microsoft Exchange Server 2013 Cumulative Update 23 , Microsoft Exchange Server 2019 Cumulative Update 8 , Microsoft Exchange Server 2019 Cumulative Update 7 , Microsoft Exchange Server 2016 Cumulative Update 18 |