MS.Exchange.Server.CVE-2021-42321.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution in Microsoft Exchange Server.
The vulnerability is due to insufficient sanitization when handling a malicious request. A remote attacker may be able to exploit this to disclose data or execute arbitrary code within the context of the application, via a crafted HTTP request.
Outbreak Alert
The Hive ransomware gang has received up to $100+ million in ransom payments from more than 1,300 victims according to a joint advisory released by the FBI, the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.
Affected Products
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 11
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |