CVE-2023-21529
Microsoft Exchange Server Remote Code Execution Vulnerability
In short
A flaw in Microsoft Exchange Server allows attackers to execute arbitrary code on the server by sending specially crafted requests. This is critical because Exchange servers often handle sensitive business email and data.
Technical detail
Unsafe deserialization vulnerability (CWE-502) in Exchange Server allows remote code execution when processing malicious serialized objects. An attacker with network access can exploit this to achieve RCE without prior authentication.
Summary generated and translated by AI from the official description.
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23Microsoft · Microsoft Exchange Server 2016 Cumulative Update 23Microsoft · Microsoft Exchange Server 2019 Cumulative Update 11Microsoft · Microsoft Exchange Server 2019 Cumulative Update 12Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21529https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/