Mitigation Instructions for CVE-2021-26858

Written by CyRisk Vulnerability Management Team | Apr 11, 2023 8:04:10 PM

SUBJECT: CVE-2021-26858 Microsoft Exchange Server Security Feature Bypass Vulnerability

TECH STACK: Microsoft Exchange Server v. 2013, 2016, 2019

DATE(S) ISSUED: March 2, 2021

CRITICALITY: High

OVERVIEW: CVE-2021-26858, the Microsoft Exchange Server Security Feature Bypass vulnerability, could allow an attacker to bypass security measures in Microsoft Exchange Server. It stems from a flaw in the way Exchange Server handles certain requests.

THREAT INTELLIGENCE: The vulnerability has not been actively exploited in the wild. However, Microsoft has rated the severity of the vulnerability as "Important" and has released a security update to address the issue.

SOLUTION: Microsoft has released a security update that addresses CVE-2021-26858. Update affected systems as soon as possible to prevent exploitation. Additionally, follow best practices for securing Exchange Server, such as implementing network segmentation, access controls, and other security measures.

REFERENCES: Microsoft Security Response Center: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26858