Microsoft has released out-of-band security updates to
address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and
2019. A remote attacker can exploit three remote code execution
vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take
control of an affected system and can exploit one
vulnerability—CVE-2021-26855—to obtain access to sensitive information.
CERT Bulgaria encourages users and administrators to review
the Microsoft
blog post and apply the necessary updates or workarounds.