CVE-2021-1730

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified)

Description: A spoofing issue exists in Microsoft Exchange Server, related to errors in information representation by the user interface. This could allow a remote attacker to conduct spoofing attacks, potentially impersonating a user. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations: To prevent these types of attacks, download inline images from different DNS domains than the rest of OWA. Please see further instructions in the FAQ to put in place these mitigations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.