
Mitigation Instructions for CVE-2021-26857

SUBJECT: Microsoft Exchange Server Remote Code Execution Vulnerability



Criticality: Critical


CVE-2021-26857 is a recently disclosed vulnerability in the Microsoft Exchange Server that could allow an attacker to execute arbitrary code remotely. This vulnerability affects Exchange Server 2013, 2016, and 2019.
The vulnerability exists due to improper validation of user-supplied data by the Exchange Server. An attacker could send a specially crafted request to the server, which could lead to the execution of arbitrary code in the context of the system user.
If exploited, the vulnerability could allow an attacker to take full control of the affected system, including stealing data, installing malware, or conducting other malicious activities.


This vulnerability is being actively exploited in the wild by APT group Ryuk.


Install the latest security updates: Microsoft has released security updates that address the CVE-2021-26857 vulnerability. It is recommended that affected systems are updated as soon as possible to prevent exploitation.

Check for indicators of compromise: Microsoft has released tools and guidance to help identify potential indicators of compromise on affected systems. It is recommended to follow these guidelines and check for any signs of malicious activity.

Monitor for suspicious activity: It is recommended to monitor the network for any suspicious activity that may indicate an attempt to exploit the vulnerability.

Review Exchange logs: Review the Exchange Server logs to determine if the system has been compromised. Specifically, look for any suspicious activity related to the ECP application pool.

Implement additional security controls: It is recommended to implement additional security controls to help prevent exploitation of the vulnerability, for example multi-factor authentication, disabling legacy authentication protocols, and network segmentation.
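As an added example (not part of this advisory and not a Microsoft tool), the log-review step can be scripted. Microsoft's published detection guidance for CVE-2021-26857 points at Error events from the "MSExchange Unified Messaging" source in the Windows Application log whose message contains System.InvalidCastException; the script below pulls those events for a configurable look-back window. It assumes it is run on the Exchange server under an account that can read the Application log.

```powershell
# Added example: look for the Application-log pattern Microsoft documented
# for CVE-2021-26857 exploitation attempts. Not from the advisory itself.
$LookbackDays = 30                         # assumption: 30 days is a reasonable window
$since = (Get-Date).AddDays(-$LookbackDays)

# Level 2 = Error. ProviderName matches the classic event log "source".
$filter = @{
    LogName      = 'Application'
    ProviderName = 'MSExchange Unified Messaging'
    Level        = 2
    StartTime    = $since
}

# -ErrorAction SilentlyContinue: Get-WinEvent throws when no event matches.
$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'System\.InvalidCastException' }

if ($hits) {
    Write-Warning ("{0} MSExchange Unified Messaging error(s) with InvalidCastException since {1}" -f
        @($hits).Count, $since)
    $hits |
        Select-Object TimeCreated, Id,
            @{ Name = 'Summary'; Expression = { $_.Message.Substring(0, [Math]::Min(200, $_.Message.Length)) } } |
        Format-Table -AutoSize
} else {
    Write-Output "No matching MSExchange Unified Messaging errors since $since."
}
```

A match is a reason to start incident-response triage on that host, while an empty result does not by itself show the server was never targeted; pair it with the other checks above, including the ECP application pool review.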

It is important to note that these are just mitigation instructions and do not address the underlying vulnerability. Affected systems should be patched as soon as possible to fully remediate the issue. Additionally, it is recommended to follow best practices for securing Exchange Server and regularly review security policies and configurations to help prevent future vulnerabilities.

