CVE-2021-42321: 
vulnerability analysis and mitigation

CVE-2021-42321 is a post-authentication remote code execution vulnerability affecting Microsoft Exchange Server 2016 (CU 21 and CU 22) and Exchange Server 2019 (CU 10 and CU 11). The vulnerability was disclosed on November 9, 2021, and specifically impacts on-premises Microsoft Exchange Server installations and Exchange servers deployed in a hybrid model, while Exchange Online customers are not affected (Arctic Wolf).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability exists in the Microsoft.Exchange.Compliance.dll component, specifically within the serialization formatters implementation (NVD).

If successfully exploited, this vulnerability allows an authenticated attacker to execute arbitrary code with high privileges on affected Exchange Server installations. The severity of the impact is reflected in the high confidentiality, integrity, and availability ratings in the CVSS score (NVD).

Microsoft has released security updates to address this vulnerability. Organizations are advised to review Microsoft's advisory and apply the appropriate patches as soon as possible. Microsoft has also provided a PowerShell query that can be run directly on Exchange 2016 and 2019 Servers to identify potential prior exploitation activity associated with this vulnerability (Arctic Wolf).