Informative, up-to-date and exciting – the Oneconsult Cybersecurity Blog.

Zero-Day Vulnerabilities in Microsoft Exchange Actively Exploited – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 & CVE-2021-27065
(updated on: 29.12.2021)

by Nadia Meichtry

Four zero-day vulnerabilities in Microsoft’s Exchange email solution have been fixed through updates released by Microsoft on 2 March 2021. This affects Microsoft Exchange Server, but not Exchange Online. [1]

The vulnerabilities, three of which have been classified as critical, are actively exploited, most notably by the Chinese hacker group “Hafnium”. The attackers gained access to the servers and were thus able to exfiltrate credentials and emails. [2]

[read the German article]


Keine Beschreibung verfügbar.

Don’t miss anything! Subscribe to our free newsletter.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 6:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

For more information about our DFIR services here:

Add CSIRT to contacts