PT-2021-2214 · Microsoft · Exchange Server

Orange Tsai · Published 2021-03-02 · Updated 2026-05-04 · CVE-2021-26855

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

On-premises Microsoft Exchange Server 2013, 2016 and 2019 without the March 2021 security updates. Exchange Online is not affected.

Description

CVE-2021-26855 is a pre-authentication server-side request forgery (SSRF) in the Exchange front-end proxy, the bug known as ProxyLogon. The front end does not sufficiently validate incoming HTTPS requests: it trusts attacker-supplied cookies such as X-BEResource and X-AnonResource-Backend when deciding which back-end server and path a request is forwarded to, so an unauthenticated remote attacker who can reach port 443 can make the Exchange server issue requests to its own back end under the server's own identity and reach back-end endpoints that would otherwise require a logged-in user. On its own the bug is an authentication bypass that exposes mailbox data; chained with CVE-2021-27065, the post-authentication arbitrary file write fixed in the same March 2021 update, it yields remote code execution on the server, which is how it was used in practice (writing a web shell through the ECP virtual directory). The vulnerability was exploited in the wild before the patch was released, first by the state-sponsored HAFNIUM group and then by many other actors, to breach email systems and steal data from organisations worldwide.

Recommendations

Install the March 2021 security updates for Exchange Server 2013, 2016 and 2019 (the fix was published on 2021-03-02). Because the bug was exploited before the patch shipped, treat any Internet-facing server that stayed unpatched after that date as potentially compromised: review the HttpProxy logs for unauthenticated requests whose AnchorMailbox names a server directly (ServerInfo~...), look for unexpected .aspx files under the IIS web roots and the OWA/ECP directories, and rotate credentials if anything is found. Where patching must wait, restrict untrusted access to port 443 (VPN or IP allow-list) and apply Microsoft's interim IIS URL Rewrite mitigation that rejects requests carrying the X-BEResource and X-AnonResource-Backend cookies. These workarounds reduce exposure but neither remove the vulnerability nor undo an existing compromise, so patching and hunting are still required.
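The hunting step above, as an added example (not code from this page, from Microsoft or from the researcher): a Python script that walks Exchange HttpProxy-style log lines and flags the pattern Microsoft published for CVE-2021-26855 exploitation (empty AuthenticatedUser together with an AnchorMailbox of the form ServerInfo~host/path), plus a helper that spots the two SSRF cookies in a raw Cookie header. The log lines, the IP addresses and the reduced column set are constructed for the example; real HttpProxy logs carry many more columns, which is why rows are mapped by the #Fields header rather than by position.

```python
"""Hunt for CVE-2021-26855 (ProxyLogon SSRF) indicators in Exchange HttpProxy logs.

Added example; the log below is constructed with a reduced set of columns and
made-up addresses, not a capture from a real server.
"""
import csv
import io
import re
from typing import Dict, List

# Cookies the exploit uses to steer the front-end proxy to an arbitrary back end.
SSRF_COOKIES = ("X-BEResource", "X-AnonResource-Backend")

# Microsoft's published hunting pattern: AnchorMailbox of the form ServerInfo~<host>/<path>
# on a request with no authenticated user.
SERVERINFO_RE = re.compile(r"^ServerInfo~[^/]+/")

# Constructed sample in HttpProxy layout: '#' preamble, '#Fields:' header, CSV rows.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: HttpProxy Logs
#Fields: DateTime,RequestId,ClientIpAddress,AuthenticatedUser,UrlStem,AnchorMailbox,HttpStatus
2021-03-03T10:15:01.000Z,1,203.0.113.7,,/ecp/y.js,ServerInfo~localhost/autodiscover/autodiscover.xml,200
2021-03-03T10:15:02.000Z,2,198.51.100.4,contoso\\alice,/owa/,Sid~S-1-5-21-1111-2222-3333-1001,200
2021-03-03T10:15:03.000Z,3,198.51.100.9,,/owa/auth/logon.aspx,,200
2021-03-03T10:15:04.000Z,4,10.0.0.12,contoso\\svc-mon,/ecp/,ServerInfo~mail.contoso.com/ecp,200
2021-03-03T10:15:05.000Z,5,203.0.113.7,,/owa/auth/x.js,ServerInfo~mail.contoso.com:444/ews/exchange.asmx,200
"""


def parse_httpproxy_log(text: str) -> List[Dict[str, str]]:
    """Return one dict per CSV row, keyed by the names in the '#Fields:' header."""
    fields = None
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if line.startswith("#"):          # other preamble lines (#Software, #Date, ...)
            continue
        if fields is None:
            raise ValueError("data row before #Fields header")
        values = next(csv.reader(io.StringIO(line)))
        rows.append(dict(zip(fields, values)))
    return rows


def find_ssrf_indicators(text: str) -> List[Dict[str, str]]:
    """Rows where an unauthenticated request carries a ServerInfo~ anchor mailbox."""
    hits: List[Dict[str, str]] = []
    for row in parse_httpproxy_log(text):
        anchor = row.get("AnchorMailbox", "")
        user = row.get("AuthenticatedUser", "")
        if user == "" and SERVERINFO_RE.match(anchor):
            hit = dict(row)
            hit["Reason"] = "unauthenticated request with ServerInfo~ anchor mailbox"
            hits.append(hit)
    return hits


def cookie_header_has_ssrf_markers(cookie_header: str) -> List[str]:
    """Names of the ProxyLogon SSRF cookies present in a raw Cookie header, in order, deduplicated."""
    found: List[str] = []
    for part in cookie_header.split(";"):
        name = part.split("=", 1)[0].strip()
        if name in SSRF_COOKIES and name not in found:
            found.append(name)
    return found


if __name__ == "__main__":
    for hit in find_ssrf_indicators(SAMPLE_LOG):
        print(hit["DateTime"], hit["ClientIpAddress"], hit["UrlStem"],
              hit["AnchorMailbox"], "->", hit["Reason"])
    print(cookie_header_has_ssrf_markers("ASP.NET_SessionId=abc; X-BEResource=host/path"))
```

Rows 2 and 4 are not flagged even though row 4 has a ServerInfo~ anchor, because an authenticated user is present; the pattern is specifically the unauthenticated case. A hit from the cookie helper on traffic arriving at the external listener is a hunt lead rather than proof, so confirm it against the HttpProxy log and a file-system review of the web roots.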

Exploit

Fix

RCE

SSRF

Weakness Enumeration

Related Identifiers

BDU:2021-01123
CVE-2021-26855
EXCHANGECVE2021_26855

Affected Products

Exchange Server