Identification: CVE-2021-42321
CVSS: 8.8 of 10
Risk factor: high
Type of vulnerability: remote code execution
Type of the bug: incorrect authentication of command-let (cmdlet) arguments
Technical explanation
The security flaw tracked as CVE-2021-42321 impacts Exchange Server 2016 and Exchange Server 2019 and, according to Microsoft's security advisory, occurs due to the incorrect authentication of cmdlet arguments.
This vulnerability only impacts on-premises Exchange servers, including servers used in Exchange Hybrid mode (Exchange Online customers are immune against any attacks and need no action).
To find out which of your Exchange servers have been impacted by a CVE-2021-42321 exploit, run the following PowerShell query on each Exchange server:
Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }
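To run the same check across several servers in one pass, the script below is an added example, not part of the original page or of Microsoft's guidance. The server names are placeholders, and it assumes Windows PowerShell 5.1 with remote event log access to each server.

```powershell
# Added example: sweep several Exchange servers for the error events
# matched by the query above. Server names are placeholders (assumption).
param(
    [string[]]$ComputerName = @('EXCH01.example.local', 'EXCH02.example.local')
)

$results = foreach ($server in $ComputerName) {
    try {
        # Same filter as the single-server query, pointed at a remote host.
        $hits = @(Get-EventLog -ComputerName $server -LogName Application `
                      -Source 'MSExchange Common' -EntryType Error -ErrorAction Stop |
                  Where-Object { $_.Message -like '*BinaryFormatter.Deserialize*' })

        $ordered = $hits | Sort-Object TimeGenerated
        [pscustomobject]@{
            Server   = $server
            Status   = if ($hits.Count -gt 0) { 'Hits' } else { 'NoHits' }
            HitCount = $hits.Count
            Earliest = ($ordered | Select-Object -First 1).TimeGenerated
            Latest   = ($ordered | Select-Object -Last 1).TimeGenerated
            Detail   = $null
        }
    }
    catch {
        # Get-EventLog raises an error when no entry matches -Source/-EntryType.
        # That case is a negative result; anything else (access denied, host
        # unreachable) means the server was NOT checked.
        $noEntries = $_.FullyQualifiedErrorId -like 'GetEventLogNoEntriesFound*'
        [pscustomobject]@{
            Server   = $server
            Status   = if ($noEntries) { 'NoHits' } else { 'QueryFailed' }
            HitCount = 0
            Earliest = $null
            Latest   = $null
            Detail   = if ($noEntries) { $null } else { $_.Exception.Message }
        }
    }
}

$results | Sort-Object Status, Server | Format-Table -AutoSize

# Servers that could not be queried are unknown, not clean: list them for follow-up.
$unchecked = @($results | Where-Object Status -eq 'QueryFailed')
if ($unchecked.Count -gt 0) {
    Write-Warning ("Not checked: " + ($unchecked.Server -join ', '))
}
```

A `NoHits` row only covers what is still in the Application log; entries older than the log's retention have rolled off and cannot be ruled out by this query.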
Vulnerable versions
- Microsoft Exchange Server 2019
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2013
You can fix this flaw by installing the following security patch: