Microsoft has released security updates as a part of this month Patch Tuesday and it has a Zero Day exploits in Exchange Server, those vulnerabilities found in:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
These updates are available for the following specific builds of Exchange Server:
The CVSS score stands as CVSS:3.1 8.8 / 7.7 , Since the attacker need to be authenticated to exploit this Vulnerability.
The November 2021 security updates for Exchange Server address vulnerabilities of limited targeted attacks in the wild using one of vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019.
These vulnerabilities affect on-premises Microsoft Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action