CVE-2021-27065

high

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

From the Tenable Blog

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild

Published: 2021-03-03

Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild.

References

https://www.bleepingcomputer.com/news/security/us-indicts-black-kingdom-ransomware-admin-for-microsoft-exchange-attacks/

https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/

https://thehackernews.com/2025/03/china-linked-silk-typhoon-expands-cyber.html

https://hackread.com/chinese-silk-typhoon-group-it-tools-network-breaches/

https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/

https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html

https://www.trendmicro.com/en_us/research/24/k/earth-estries.html

https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/

https://www.darkreading.com/threat-intelligence/prometei-botnet-cryptojacker-worldwide

https://www.trendmicro.com/en_us/research/24/j/unmasking-prometei-a-deep-dive-into-our-mxdr-findings.html

https://cyware.com/resources/research-and-analysis/beneath-the-surface-avoslockers-ransomware-as-a-service-and-cybercrime-tactics-f14f

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report

https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a

https://news.sophos.com/en-us/2021/03/23/blackkingdom-ransomware-still-exploiting-insecure-exchange-servers/

https://news.sophos.com/en-us/2021/03/15/dearcry-ransomware-attacks-exploit-exchange-server-vulnerabilities/

https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/

https://msrc.microsoft.com/blog/2021/03/multiple-security-updates-released-for-exchange-server/

https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/

https://www.tenable.com/blog/salt-typhoon-an-analysis-of-vulnerabilities-exploited-by-this-state-sponsored-actor

https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities

https://www.tenable.com/blog/proxynotshell-owassrf-tabshell-patch-your-microsoft-exchange-servers-now

https://www.tenable.com/blog/cisa-top-20-cves-exploited-peoples-republic-of-china-state-sponsored-actors-aa22-279a

https://www.tenable.com/blog/aa22-257a-cybersecurity-joint-advisory-on-iranian-islamic-revolutionary-guard-ransomware

https://www.tenable.com/blog/government-advisories-warn-of-apt-activity-resulting-from-russian-invasion-of-ukraine

https://www.tenable.com/blog/how-to-identify-compromised-microsoft-exchange-server-assets-using-tenable

https://www.tenable.com/blog/healthcare-security-ransomware-plays-a-prominent-role-in-covid-19-era-breaches

https://www.tenable.com/blog/microsoft-s-march-2021-patch-tuesday-addresses-82-cves-cve-2021-26411

https://www.tenable.com/blog/finding-proxylogon-and-related-microsoft-exchange-vulnerabilities-how-tenable-can-help

https://www.tenable.com/blog/cve-2021-26855-cve-2021-26857-cve-2021-26858-cve-2021-27065-four-microsoft-exchange-server-zero-day-vulnerabilities

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065

http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html

http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2021-03-03

Updated: 2025-03-07

Named Vulnerability: ProxyShellNamed Vulnerability: ProxyLogonKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.9423

Detections

Analytics