CVE-2021-31206: 
vulnerability analysis and mitigation

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206) was disclosed on July 13, 2021. This vulnerability affects Microsoft Exchange Server installations and was discovered by Steven Seeley (mr_me) of Source Incite (ZDI Advisory).

The vulnerability exists within the parsing of CAB files in Microsoft Exchange Server's CabUtility ExtractCab component. The specific flaw occurs when the process fails to properly validate user-supplied paths prior to using them in file operations. The vulnerability has a CVSS score of 7.1 (AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity issue requiring network-adjacent access and user interaction (ZDI Advisory).

If successfully exploited, this vulnerability allows network-adjacent attackers to execute arbitrary code in the context of SYSTEM when combined with other vulnerabilities. The attack requires user interaction to be successful (ZDI Advisory).

Microsoft has released security updates to address this vulnerability. The fixes are available in the July 2021 security updates for Microsoft Exchange Server. Organizations should apply the relevant security update based on their Exchange Server version: KB5004778, KB5004779, or KB5004780 (Rapid7).