[PoC] CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability Alert
On November 22, 2021, we found that a PoC for a Microsoft Exchange Server flaw had been published on the Internet. The vulnerability is tracked as CVE-2021-42321, has a CVSS 3.1 score of 8.8, and its severity level is serious. CVE-2021-42321 is a remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019 caused by issues with the validation of command-let (cmdlet) arguments. “In order to exploit this flaw, an attacker would need to be authenticated, which limits some of the impact. Microsoft says they are aware of ‘limited targeted attacks’ using this vulnerability in the wild,” says Satnam Narang, staff research engineer at Tenable.
Microsoft said: “We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment.”