Published on: 03 March 2021
Microsoft has released an out-of-band security updates addressing multiple vulnerabilities in Microsoft Exchange Server. A successful exploitation of the four actively exploited vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065) requires the ability to make an untrusted connection to Microsoft Exchange Server via port 443.
Reports indicate that active exploitation of the vulnerabilities in Microsoft Exchange Server (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065) have been observed. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
A successful attack could lead to remote code execution on an affected system.
Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.