Highlights and Updates

Microsoft Releases Out-of-Band Security Updates for Exchange Server

Tuesday, 2nd March 2021

Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, andCVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.

We encourage users and administrators to review the Microsoft blog post and apply the necessary updates or workarounds.