What is CVE-2022-21855?

CVE-2022-21855 is a remote code execution vulnerability in Microsoft Exchange Server.

How severe is CVE-2022-21855?

CVE-2022-21855 has a severity rating of 9 out of 10, which is considered critical.

Which versions of Microsoft Exchange Server are affected by CVE-2022-21855?

CVE-2022-21855 affects Microsoft Exchange Server 2013 (Cumulative Update 23), Microsoft Exchange Server 2016 (Cumulative Update 21 and 22), and Microsoft Exchange Server 2019 (Cumulative Update 10 and 11).

How can I fix CVE-2022-21855?

To fix CVE-2022-21855, you need to install the appropriate security update provided by Microsoft.

Where can I find more information about CVE-2022-21855?

You can find more information about CVE-2022-21855 on the Microsoft Security Response Center website.

Vulnerability/
CVE-2022-21855

critical

11/1/2022

14/11/2024

CVE-2022-21855: Microsoft Exchange Server Remote Code Execution Vulnerability

First published: Tue Jan 11 2022(Updated: )

Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21846, CVE-2022-21969.

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Exchange Server	=2013-cumulative_update_23
Microsoft Exchange Server	=2016-cumulative_update_21
Microsoft Exchange Server	=2016-cumulative_update_22
Microsoft Exchange Server	=2019-cumulative_update_10
Microsoft Exchange Server	=2019-cumulative_update_11
Microsoft Exchange Server 2013	=23	fix available externally
Microsoft Exchange Server 2016	=22	fix available externally
Microsoft Exchange Server 2016	=21	fix available externally
Microsoft Exchange Server 2019	=11	fix available externally
Microsoft Exchange Server 2019	=10	fix available externally

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21855

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-21855?
CVE-2022-21855 is a remote code execution vulnerability in Microsoft Exchange Server.
How severe is CVE-2022-21855?
CVE-2022-21855 has a severity rating of 9 out of 10, which is considered critical.
Which versions of Microsoft Exchange Server are affected by CVE-2022-21855?
CVE-2022-21855 affects Microsoft Exchange Server 2013 (Cumulative Update 23), Microsoft Exchange Server 2016 (Cumulative Update 21 and 22), and Microsoft Exchange Server 2019 (Cumulative Update 10 and 11).
How can I fix CVE-2022-21855?
To fix CVE-2022-21855, you need to install the appropriate security update provided by Microsoft.
Where can I find more information about CVE-2022-21855?
You can find more information about CVE-2022-21855 on the Microsoft Security Response Center website.

agent/author
agent/type
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
agent/title
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
collector/msrc-cve
source/Microsoft
agent/software-canonical-lookup
agent/severity
agent/softwarecombine
agent/first-publish-date
agent/tags
agent/event
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft exchange server
version/microsoft exchange server/2013-cumulative_update_23
version/microsoft exchange server/2016-cumulative_update_21
version/microsoft exchange server/2016-cumulative_update_22
version/microsoft exchange server/2019-cumulative_update_10
version/microsoft exchange server/2019-cumulative_update_11
canonical/microsoft exchange server 2013
version/microsoft exchange server 2013/23
canonical/microsoft exchange server 2016
version/microsoft exchange server 2016/22
version/microsoft exchange server 2016/21
canonical/microsoft exchange server 2019
version/microsoft exchange server 2019/11
version/microsoft exchange server 2019/10