Exploit released for Microsoft Exchange RCE bug, patch now

Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.

The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 and was patched by Microsoft during this month’s Patch Tuesday.

On Sunday, almost two weeks after the CVE-2021-42321 patch was issued, researcher Janggggg published a proof-of-concept exploit for the Exchange post-auth RCE bug.

“Our recommendation is to install these updates immediately to protect your environment,” the company said, urging Exchange admins to patch the bug exploited in the wild.

If you haven’t yet patched this security vulnerability in your on-premises servers, you can generate a quick inventory of all Exchange servers in your environment that need updating using the latest version of the Exchange Server Health Checker script.

In August, threat actors also began scanning for and breaching Exchange servers by exploiting ProxyShell vulnerabilities after security researchers reproduced a working exploit.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.
Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.
PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

Restez Informés!

Abonnez-vous pour rester au fait des dernières tendances, menaces, nouvelles et statistiques dans l’industrie.