First published: Tue Feb 09 2021(Updated: )
<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this vulnerability.</p> <p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.</p>
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
=7 | ||
=18 | ||
=2016-cumulative_update_18 | ||
=2019-cumulative_update_7 | ||
Microsoft Exchange Server | =2016-cumulative_update_18 | |
Microsoft Exchange Server | =2019-cumulative_update_7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-1730 is a Microsoft Exchange Server Spoofing Vulnerability.
CVE-2021-1730 has a severity level of high (5.4).
Microsoft Exchange Server 2016 CU18 and Exchange Server 2019 CU7 are affected by CVE-2021-1730.
Apply the relevant patches provided by Microsoft for Exchange Server 2016 CU18 and Exchange Server 2019 CU7.
You can find more information about CVE-2021-1730 on the Microsoft Security Response Center's advisory page and the Microsoft Update Guide.