CVE-2021-42321

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions 2013 through 2019

Description The issue is related to a remote code execution vulnerability in Microsoft Exchange Server, caused by insufficient validation of commandlet arguments. This allows a remote attacker to execute arbitrary code. There have been limited targeted attacks using this vulnerability in the wild. The vulnerability exists due to issues with the validation of cmdlet arguments, and exploitation requires authentication to a vulnerable Exchange Server.

Recommendations For Microsoft Exchange Server versions 2013 through 2019, update to a version that includes the security updates released in November 2021 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable cmdlet arguments until a patch is available. Restrict access to the Exchange Server to minimize the risk of exploitation.