FortiClient VulnerabilityMicrosoft Exchange Server CVE-2021-26858 Remote Code Execution Vulnerability
Description
Microsoft Exchange Server Remote Code Execution Vulnerability found in Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange Server 2016 Cumulative Update 18,Microsoft Exchange Server 2019 Cumulative Update 8,Microsoft Exchange Server 2019 Cumulative Update 7,Microsoft Exchange Server 2016 Cumulative Update 19
Outbreak Alert
Firstly, if you are running an un-patched on-premise Microsoft Exchange version, you should upgrade immediately! This is a critical vulnerability that allows an attacker to access a desired user’s mailbox, requiring only the e-mail address of the user they wish to target! These details and more were disclosed by Volexity here. https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/ The vulnerabilities affect Exchange Server 2013, 2016 and 2019. Exchange Online is not affected.
Affected Applications
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 18
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 19
CVE References
CVE-2021-26858Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858| ID | 66855 |
| Created | Mar 07, 2021 |
| Description Updated |
Dec 21, 2023 |
| Outbreak Alert | Microsoft Exchange |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Microsoft Exchange Server 2013 Cumulative Update 23 , Microsoft Exchange Server 2016 Cumulative Update 18 , Microsoft Exchange Server 2019 Cumulative Update 8 , Microsoft Exchange Server 2019 Cumulative Update 7 , Microsoft Exchange Server 2016 Cumulative Update 19 |