What is CVE-2021-31209?

CVE-2021-31209 is a vulnerability in Microsoft Exchange Server that allows network-adjacent attackers to tamper with update data.

How severe is CVE-2021-31209?

CVE-2021-31209 has a severity rating of 6.5, which is considered high.

What is the affected software for CVE-2021-31209?

The affected software for CVE-2021-31209 includes Microsoft Exchange Server 2013, 2016, and 2019.

How can I fix CVE-2021-31209?

To fix CVE-2021-31209, apply the relevant patches or updates provided by Microsoft for your specific version of Exchange Server.

Where can I find more information about CVE-2021-31209?

You can find more information about CVE-2021-31209 on the Microsoft Security Response Center (MSRC) website and the Zero Day Initiative (ZDI) advisory.

Vulnerability/
CVE-2021-31209

high

8.1

11/5/2021

3/8/2024

CVE-2021-31209: (Pwn2Own) Microsoft Exchange Server Missing Check of Message Integrity Vulnerability

First published: Tue May 11 2021(Updated: )

Microsoft Exchange Server Spoofing Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Exchange Server	=2013-cumulative_update_23
Microsoft Exchange Server	=2016-cumulative_update_19
Microsoft Exchange Server	=2016-cumulative_update_20
Microsoft Exchange Server	=2019-cumulative_update_8
Microsoft Exchange Server	=2019-cumulative_update_9
Microsoft Exchange Server 2016	=19	fix available externally
Microsoft Exchange Server 2019	=8	fix available externally
Microsoft Exchange Server 2013	=23	fix available externally
Microsoft Exchange Server 2016	=20	fix available externally
Microsoft Exchange Server 2019	=9	fix available externally
Microsoft Exchange

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-31209?
CVE-2021-31209 is a vulnerability in Microsoft Exchange Server that allows network-adjacent attackers to tamper with update data.
How severe is CVE-2021-31209?
CVE-2021-31209 has a severity rating of 6.5, which is considered high.
What is the affected software for CVE-2021-31209?
The affected software for CVE-2021-31209 includes Microsoft Exchange Server 2013, 2016, and 2019.
How can I fix CVE-2021-31209?
To fix CVE-2021-31209, apply the relevant patches or updates provided by Microsoft for your specific version of Exchange Server.
Where can I find more information about CVE-2021-31209?
You can find more information about CVE-2021-31209 on the Microsoft Security Response Center (MSRC) website and the Zero Day Initiative (ZDI) advisory.

agent/author
agent/type
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/title
agent/remedy
agent/references
agent/description
collector/nvd-api
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/zdi-advisory
source/ZDI
alias/ZDI-21-615
alias/ZDI-CAN-13594
alias/CVE-2021-31209
agent/software-canonical-lookup
agent/tags
agent/event
collector/msrc-cve
source/Microsoft
vendor/microsoft
canonical/microsoft exchange server
version/microsoft exchange server/2013-cumulative_update_23
version/microsoft exchange server/2016-cumulative_update_19
version/microsoft exchange server/2016-cumulative_update_20
version/microsoft exchange server/2019-cumulative_update_8
version/microsoft exchange server/2019-cumulative_update_9
canonical/microsoft exchange
canonical/microsoft exchange server 2019
version/microsoft exchange server 2019/8
canonical/microsoft exchange server 2016
version/microsoft exchange server 2016/20
canonical/microsoft exchange server 2013
version/microsoft exchange server 2013/23
version/microsoft exchange server 2019/9
version/microsoft exchange server 2016/19