


Address Vulnerabilities from the Microsoft Exchange 2021 Exploits

Posted December 18, 2020

Last week, Microsoft released an advisory on four vulnerabilities being actively exploited in on-premises Microsoft Exchange servers. These vulnerabilities, tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, could permit a remote, unauthenticated attacker to execute code.

If your organization or institution has an Internet-accessible Microsoft Exchange server (on-premises only), we recommend that you:

  1. Update Microsoft Exchange to the latest version as of March 2, 2021.
  2. Check for the Indicators of Compromise (IOCs) provided by Microsoft, an efficient method of detecting whether exploitation occurred.
  3. Remove web shells which may be accessible from the Internet.
  4. Monitor and validate the security and confidentiality of Microsoft Exchange.

GreyCastle Security has responded to numerous security incidents involving this specific exploit and, in most cases, did not identify significant impacts. Specifically, most organizations and institutions, unless specifically targeted by actors, are typically observed to have indicators such as web shells present, but no manual interaction with the impacted asset.

For more information surrounding this vulnerability, including scripts which can be executed, Indicators of Compromise (IOC), and context, see the following resources:

If you believe you have experienced a security incident, call our incident response hotline immediately: (800) 403-8350.

GreyCastle Security’s line of solutions can proactively address threats to your environment as your trusted long-term cybersecurity partner. A Compromise Assessment can proactively identify and respond to a security incident such as this and can determine if threats are present. To learn more about the GreyCastle Security Compromise Assessment, please email

