PT-2021-3006 · Microsoft · Exchange Server
Orange Tsai · Published 2021-05-11 · Updated 2026-05-20
CVE-2021-31207
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Exchange Server versions 2013 through 2019
Description
This is a security feature bypass vulnerability in Microsoft Exchange Server that a remote attacker can exploit to execute arbitrary code with SYSTEM privileges. The vulnerability is associated with errors in security settings. There have been real-world incidents where this issue was exploited, including the Change Healthcare hack, where attackers used stolen credentials without multi-factor authentication. UnitedHealth Group was also affected. Additionally, there have been reports of ransomware gangs taking credit for disruptive cyberattacks, such as the MGM Resorts cyberattack. The vulnerability has been classified as critical, with a mainstream maturity level.
Recommendations
For Microsoft Exchange Server versions 2013 through 2019, update to a version that includes the security fix for this issue.
As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.
Avoid using stolen or weak credentials, and ensure multi-factor authentication is enabled to prevent unauthorized access.
Restrict access to the system from remote locations, if possible, until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Related Identifiers
Affected Products
Exchange Server