vulnerability
Microsoft CVE-2021-26857: Microsoft Exchange Server Remote Code Execution Vulnerability (HAFNIUM Exploited)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Mar 2, 2021 | Mar 2, 2021 | Dec 1, 2023 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Mar 2, 2021
Added
Mar 2, 2021
Modified
Dec 1, 2023
Description
There exists an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave HAFNIUM the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit.
Solution(s)
msft-kb5000871-22fec8f5-e504-4971-a880-88bab21a1f37msft-kb5000871-28c56acf-f5f1-4a92-900d-0de0c58d61a4msft-kb5000871-82a6c7b8-34c1-4d23-879a-8b5963acc47dmsft-kb5000871-c6ed44ca-634b-4b5c-91ba-12232d8ec98emsft-kb5000978-4ecf02e7-963b-42d5-8c3d-07c90ec7f059
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.