CVE-2021-26857: 
vulnerability analysis and mitigation

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-26857) is an insecure deserialization vulnerability discovered in the Unified Messaging service of Microsoft Exchange Server. The vulnerability was disclosed on March 2, 2021, and affected multiple versions of Microsoft Exchange Server including 2019, 2016, and 2013 (NIST NVD, Microsoft Support).

The vulnerability exists due to insecure deserialization where untrusted user-controllable data is deserialized by the program. It received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is identified as CWE-502: Deserialization of Untrusted Data (Rapid7, NIST NVD).

When successfully exploited, this vulnerability allows attackers to run code with SYSTEM privileges on the Exchange server, granting them the highest level of access to the system. However, the exploitation requires either administrator permissions or another vulnerability to be successful (Rapid7).

Microsoft released security updates (KB5000871) for affected versions of Exchange Server. The update is available through Windows Update, Microsoft Update Catalog, and as standalone packages for different versions of Exchange Server. After applying the update, required services are automatically restarted (Microsoft Support).