KLA12224
Multiple vulnerabilities in Microsoft Exchange Server

Updated: 07/30/2021
Detect date
?
07/13/2021
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Exchange Server can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Microsoft Exchange Server can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Microsoft Exchange can be exploited remotely to obtain sensitive information.
Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 9
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 20
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2016 Cumulative Update 21

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2021-31196
CVE-2021-34470
CVE-2021-31206
CVE-2021-34473
CVE-2021-34523
CVE-2021-33766
CVE-2021-33768

Impacts
?
ACE 
[?]

OSI 
[?]

PE 
[?]
Related products
Microsoft Exchange Server
CVE-IDS
?
CVE-2021-311966.5High
CVE-2021-344705.2High
CVE-2021-312067.5Critical
CVE-2021-3447310.0Critical
CVE-2021-345237.5Critical
CVE-2021-337665.0Critical
CVE-2021-337685.2High
KB list

5001779
5004780
5004778
5004779
5003611
5003612

Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region