Exposures › CVE-2023-21529
Microsoft Exchange Server allows authenticated attackers to execute remote code via deserialization of untrusted data.
This vulnerability enables remote code execution in Microsoft Exchange Server, allowing attackers to compromise mail servers and potentially access sensitive data. DIB organizations must patch immediately to prevent ransomware exploitation and maintain FedRAMP/NIST 800-171 compliance. Failure to patch exposes organizations to data breaches and potential FCA penalties.
Shame score — A critical RCE vulnerability in a widely deployed product that was actively exploited and linked to ransomware.
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |