| ID | 1090501609 |
| Created | Oct 31, 2022 |
| Updated | Oct 31, 2022 |
| Severity |
|
| Default Action | pass |
| Active |
|
| Affected OS | Windows |
| Affected App | MS_Exchange |
| Engine Version | 5.0.1 or later |
Legend
| Enabled/Available |
|
| Disabled/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2022-10-31 | 0.00333 |
Refine Search
Threat Encyclopedia
MS.Exchange.Server.UM.Core.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Exchange Server.
The vulnerability is due insufficient sanitization when handling a malicious configuration file. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted text file.
Affected Products
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857