Microsoft Exchange Server Vulnerabilities
Fix Microsoft Exchange Server on Windows Server
12 entries · Windows Server · Sorted by severity
Showing 1–12 of 12 results
| Severity | Title | CVSS | |||||
|---|---|---|---|---|---|---|---|
| Active exploitation | CRITICALCISA KEV | KB5000871: Microsoft Exchange Server 2013 / 2016 / 2019 Security Update (March 2021)Microsoft Exchange Server Remote Code Execution — ProxyLogon Zero-Day (CVE-2019-0726)Microsoft Exchange Server | CVE-2021-26855+3 more | 9.8 | In the wild | Service Restart | Script |
| Active exploitation | CRITICALCISA KEV | KB5001779: Windows Server 2016 / 2019 Security Update (August 2021)Microsoft Exchange Server Pre-Auth RCE — ProxyShell (CVE-2021-34473)Microsoft Exchange Server | CVE-2021-34473+2 more | 9.8 | In the wild | Service Restart | Script |
| Active exploitation | CRITICALCISA KEV | KB5019758: Microsoft Exchange Server 2013 / 2016 / 2019 Security Update (October 2022)Microsoft Exchange Server Authenticated RCE — ProxyNotShell (CVE-2022-41082)Microsoft Exchange Server | CVE-2022-41040+1 more | 8.8 | In the wild | Service Restart | Script |
| Active exploitation | CRITICALCISA KEV | KB5000871: Windows Server 2016 / 2019 Security Update (May 2026)Pre-Authentication SSRF in Exchange Leads to Remote Code ExecutionMicrosoft Exchange Server | CVE-2021-26855+1 more | 9.8 | In the wild | Reboot Required | Script |
| Active exploitation | CRITICALCISA KEV | KB5035606: Windows Server Security Update (February 2024)Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2024-21410)Microsoft Exchange Server | CVE-2024-21410 | 9.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB5019758: Windows Server Security Update (November 2022)Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2022-41080)Microsoft Exchange Server | CVE-2022-41080 | 8.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB5023038: Windows Server Security Update (February 2023)Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability (CVE-2023-21529)Microsoft Exchange Server | CVE-2023-21529 | 8.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB5004778: Windows Server Security Update (July 2021)Microsoft Exchange Server Information Disclosure Vulnerability (CVE-2021-31196)Microsoft Exchange Server | CVE-2021-31196 | 7.2 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB5001779: Windows Server Security Update (July 2021)Microsoft Exchange Server Information Disclosure (CVE-2021-33766)Microsoft Exchange Server | CVE-2021-33766 | 7.3 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB4593467: Windows Server Security Update (December 2020)Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-17144)Microsoft Exchange Server | CVE-2020-17144 | 8.4 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | KB4536987: Windows Server Security Update (February 2020)Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability (CVE-2020-0688)Microsoft Exchange Server | CVE-2020-0688 | 8.8 | In the wild | Reboot Required | Script |
| Active exploitation | HIGHCISA KEV | Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2018-8581)Microsoft Exchange Server | CVE-2018-8581 | 7.4 | In the wild | Reboot Required | Script |