QID 50115

Date Published: 2021-10-13

QID 50115: Microsoft Exchange Server Multiple Vulnerabilities October 2021

Microsoft Exchange Server is prone to multiple vulnerabilities:

Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability

KB Articles associated with this update are: KB5004780,KB5004779,KB5004778

Affected Versions:
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2013 Cumulative Update 23

QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe.

Successful exploitation allows attackers to execute remote code.

  • CVSS V3 rated as Critical - 9.6 severity.
  • CVSS V2 rated as Medium - 5.8 severity.
  • Solution
    Customers are advised to refer to KB5007012, KB5007011 for information pertaining to this vulnerability.

    CVEs related to QID 50115

    Software Advisories
    Advisory ID Software Component Link
    KB5007011 URL Logo support.microsoft.com/help/5007011
    KB5007012 URL Logo support.microsoft.com/help/5007012