Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-31196
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 14 July 2021
Badges
What is CVE-2021-31196?
Microsoft Exchange Server Remote Code Execution Vulnerability
CISA has reported CVE-2021-31196
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2021-31196 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Microsoft Exchange Server 2013 Cumulative Update 23 x64-based Systems 15.00.0 < 15.00.1497.023
Microsoft Exchange Server 2016 Cumulative Update 20 x64-based Systems 15.01.0 < 15.01.2242.012
Microsoft Exchange Server 2016 Cumulative Update 21 x64-based Systems 15.01.0 < 15.01.2308.014