vulnerability

Microsoft Exchange: CVE-2021-1730: Microsoft Exchange Server Spoofing Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Feb 25, 2021	Aug 10, 2023	Aug 12, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Feb 25, 2021

Added

Aug 10, 2023

Modified

Aug 12, 2025

Description

A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.
This update addresses this vulnerability.
To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.

Solutions

microsoft-exchange-exchange_server_2016_CU18-kb4571788microsoft-exchange-exchange_server_2019_CU7-kb4571787

References

CVE-2021-1730
https://attackerkb.com/topics/CVE-2021-1730
URL-https://support.microsoft.com/help/4571787
URL-https://support.microsoft.com/help/4571788

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today