CVE-2021-26857

Confirmed PUBLISHED

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft · Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019, Microsoft Exchange Server 2013 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 2, Microsoft Exchange Server 2016 Cumulative Update 13, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 3, Microsoft Exchange Server 2016 Cumulative Update 14, Microsoft Exchange Server 2019 Cumulative Update 4, Microsoft Exchange Server 2016 Cumulative Update 15, Microsoft Exchange Server 2019 Cumulative Update 5, Microsoft Exchange Server 2019 Cumulative Update 6, Microsoft Exchange Server 2016 Cumulative Update 16, Microsoft Exchange Server 2016 Cumulative Update 17, Microsoft Exchange Server 2019 Cumulative Update 7, Microsoft Exchange Server 2016 Cumulative Update 18, Microsoft Exchange Server 2010 Service Pack 3, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2013 Cumulative Update 21, Microsoft Exchange Server 2016 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 1, Microsoft Exchange Server 2016 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 10, Microsoft Exchange Server 2016 Cumulative Update 11
Exploited in the wild Used in malware

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High EPSS 94.0%

At a Glance

Microsoft Exchange Server Remote Code Execution Vulnerability

ransomware cisa malware microsoft
CVE Published
Mar 02, 2021
Exploitation Reported
Nov 03, 2021
CVSS
7.8 High
EPSS
94.0%
Low complexity Unauthenticated

Affected Versions

26 version rows · page 1 of 2

Vendor Product Version Status
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 19

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 8

15.02.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2019

15.02.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2013 Cumulative Update 22

15.00.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 2

15.02.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 13

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2013 Cumulative Update 23

15.00.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 3

15.02.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 14

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 4

15.02.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 15

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 5

15.02.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 6

15.02.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 16

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 17

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 7

15.02.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 18

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2010 Service Pack 3

14.0.0.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2013 Service Pack 1

15.00.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2013 Cumulative Update 21

15.00.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 12

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 8

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2019 Cumulative Update 1

15.02.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 9

15.01.0 to < publication

Affected
Microsoft
Microsoft Exchange Server 2016 Cumulative Update 10

15.01.0 to < publication

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.