Microsoft Exchange Server Remote Code Execution Vulnerability

Added Nov. 3, 2021 • Due April 16, 2021 • CVE-2021-27065

Overdue Microsoft / Exchange Server Known Ransomware Use CWE-39

Description

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Required Action

Apply updates per vendor instructions.

References

Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-27065

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 6 months ago