Security Updates for Exchange (October 2021)
critical Nessus Plugin ID 154175
Language:
Synopsis
The Microsoft Exchange Server installed on the remote host is affected by multiple vulnerabilities.Description
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26427)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-41348)
- A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-41350)
- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-34453)
Solution
Microsoft has released the following security updates to address this issue:-KB5007011
-KB5007012
See Also
Plugin Details
Severity: Critical
ID: 154175
File Name: smb_nt_ms21_oct_exchange.nasl
Version: 1.6
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 10/15/2021
Updated: 1/26/2022
Risk Information
VPR
Risk Factor: High
Score: 8.1
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:U/RL:OF/RC:C
CVSS Score Source: CVE-2021-26427
CVSS v3
Risk Factor: Critical
Base Score: 9.6
Temporal Score: 8.3
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:exchange_server
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 10/12/2021
Vulnerability Publication Date: 10/12/2021
Reference Information
CVE: CVE-2021-26427, CVE-2021-34453, CVE-2021-41348, CVE-2021-41350