virus logo Intrusion Prevention

MS.Exchange.Server.CVE-2021-42321.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Remote Code Execution in Microsoft Exchange Server.
The vulnerability is due to insufficient sanitization when handling a malicious request. A remote attacker may be able to exploit this to disclose data or execute arbitrary code within the context of the application, via a crafted HTTP request.

description-logoOutbreak Alert

The Hive ransomware gang has received up to $100+ million in ransom payments from more than 1,300 victims according to a joint advisory released by the FBI, the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 11

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-01-13 19.241 Sig Added
2022-01-12 19.238 Default_action:pass:drop
2021-11-30 18.205

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321
ID 50945
Created Nov 25, 2021
Updated Jan 12, 2022
Outbreak Alert Hive Ransomware
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2021-42321
Known Exploited Yes
Exploit Prediction Score 96.54%
Default Action drop
Active
Affected OS Windows
Affected App MS_Exchange