KLA12224
Multiple vulnerabilities in Microsoft Exchange Server

Обновлено: 30/07/2021
Дата обнаружения
13/07/2021
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Exchange Server can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Microsoft Exchange Server can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Microsoft Exchange can be exploited remotely to obtain sensitive information.
Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Пораженные продукты

Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 9
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 20
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2016 Cumulative Update 21

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2021-31196
CVE-2021-34470
CVE-2021-31206
CVE-2021-34473
CVE-2021-34523
CVE-2021-33766
CVE-2021-33768
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

PE 
[?]
Связанные продукты
Microsoft Exchange Server
CVE-IDS
CVE-2021-311966.5High
CVE-2021-344705.2High
CVE-2021-312067.5Critical
CVE-2021-3447310.0Critical
CVE-2021-345237.5Critical
CVE-2021-337665.0Critical
CVE-2021-337685.2High
KB list

5001779
5004780
5004778
5004779
5003611
5003612

Microsoft official advisories
Microsoft Security Update Guide
Узнай статистику распространения уязвимостей в твоем регионе