[PoC] CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability Alert

by do son · Published November 22, 2021 · Updated November 22, 2021

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. The first version was called Exchange Server 4.0, to position it as the successor to the related Microsoft Mail 3.5.

On November 22, 2021, we found that the poc of Microsoft Exchange Server flaw has been published on the Internet, the vulnerability number is CVE-2021-42321, with CVSS:3.1 of 8.8, the vulnerability level is serious. CVE-2021-42321, the remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019, is due to issues with the validation of command-let (cmdlet) arguments.“In order to exploit this flaw, an attacker would need to be authenticated, which limits some of the impact. Microsoft says they are aware of ‘limited targeted attacks’ using this vulnerability in the wild,” says Satnam Narang, staff research engineer at Tenable.

Microsoft said: “We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment.”

In this regard, we recommend that users install patches for Exchange Server in time.