{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-056.pdf"
    },
    "title": "Critical Vulnerability in Microsoft Exchange Server",
    "serial_number": "2021-056",
    "publish_date": "20-10-2021 14:40:00",
    "description": "On October 12, Microsoft released in the monthly Patch Tuesday a new batch of patches fixing several vulnerabilities, one of which could lead to remote code execution on certain versions of Microsoft Exchange servers. The vulnerability, identified as \"CVE-2021-26427\", has a CVSS3 score of 9 out of 10 and could allow an attacker to execute remote code on on-premise exchange servers. According to Microsoft, the attack vector for this vulnerability is adjacent, which means that the attacker needs to be in the same local network as the server to be able to exploit it.<br>No active exploitation of this vulnerability is known yet.",
    "url_title": "2021-056",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Microsoft\u00a0Exchange Server'\nversion: '1.0'\nnumber: '2021-056'\ndate: 'October 20, 2021'\n---\n\n_History:_\n\n* _20/10/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn October 12, Microsoft released in the monthly Patch Tuesday a new batch of patches fixing several vulnerabilities, one of which could lead to remote code execution on certain versions of Microsoft Exchange servers [1]. The vulnerability, identified as `CVE-2021-26427`, has a CVSS3 score of 9 out of 10 and could allow an attacker to execute remote code on _on-premise_ exchange servers [2]. According to Microsoft, the attack vector for this vulnerability is _adjacent_, which means that the attacker needs to be in the same local network as the server to be able to exploit it.\n\nNo active exploitation of this vulnerability is known yet.\n\n# Technical Details\n\nThere is not much detail available about how the vulnerability `CVE-2021-26427` could be exploited. Microsoft stated that the `CVE-2021-26427` is only exploitable from the same shared physical (e.g., Bluetooth or IEEE 802.11) or logical (e.g., local IP subnet) network, and it requires basic user privileges [2].\n\n# Affected Products\n\n* Microsoft Exchange Server 2019 Cumulative Update 10\n* Microsoft Exchange Server 2016 Cumulative Update 21\n* Microsoft Exchange Server 2013 Cumulative Update 23\n* Microsoft Exchange Server 2019 Cumulative Update 11\n* Microsoft Exchange Server 2016 Cumulative Update 22\n\nTo be exploitable, Microsoft Exchange Servers have to be _on-premise_ versions of Microsoft Exchange Server. Microsoft Exchange Online is not affected by these flaws.\n\n# Recommendations\n\nApplying the update released on October 12 to Exchange servers [2] is currently the only mitigation for this vulnerability.\n\n# References\n\n[1] <https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2021.html>\n\n[2] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26427>\n\n[3] <https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>20/10/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 12, Microsoft released in the monthly Patch Tuesday a new batch of patches fixing several vulnerabilities, one of which could lead to remote code execution on certain versions of Microsoft Exchange servers [1]. The vulnerability, identified as <code>CVE-2021-26427</code>, has a CVSS3 score of 9 out of 10 and could allow an attacker to execute remote code on <em>on-premise</em> exchange servers [2]. According to Microsoft, the attack vector for this vulnerability is <em>adjacent</em>, which means that the attacker needs to be in the same local network as the server to be able to exploit it.</p><p>No active exploitation of this vulnerability is known yet.</p><h2 id=\"technical-details\">Technical Details</h2><p>There is not much detail available about how the vulnerability <code>CVE-2021-26427</code> could be exploited. Microsoft stated that the <code>CVE-2021-26427</code> is only exploitable from the same shared physical (e.g., Bluetooth or IEEE 802.11) or logical (e.g., local IP subnet) network, and it requires basic user privileges [2].</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>Microsoft Exchange Server 2019 Cumulative Update 10</li><li>Microsoft Exchange Server 2016 Cumulative Update 21</li><li>Microsoft Exchange Server 2013 Cumulative Update 23</li><li>Microsoft Exchange Server 2019 Cumulative Update 11</li><li>Microsoft Exchange Server 2016 Cumulative Update 22</li></ul><p>To be exploitable, Microsoft Exchange Servers have to be <em>on-premise</em> versions of Microsoft Exchange Server. Microsoft Exchange Online is not affected by these flaws.</p><h2 id=\"recommendations\">Recommendations</h2><p>Applying the update released on October 12 to Exchange servers [2] is currently the only mitigation for this vulnerability.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2021.html\">https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/October-2021.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26427\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26427</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/\">https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}