Informative, up-to-date and exciting - the Oneconsult Cybersecurity Blog.

Zero-Day Vulnerabilities in Microsoft Exchange Actively Exploited – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 & CVE-2021-27065

by Nadia Meichtry

Four zero-day vulnerabilities in Microsoft’s Exchange email solution have been fixed through updates released by Microsoft on 2 March 2021. This affects Microsoft Exchange Server, but not Exchange Online. [1]

The vulnerabilities, three of which have been classified as critical, are actively exploited, most notably by the Chinese hacker group “Hafnium”. The attackers gained access to the servers and were thus able to exfiltrate credentials and emails. [2]

[read the German article]

Published on: 04.03.2021


Never miss the latest news on cyber security topics again? Sign up for our newsletter


Keine Beschreibung verfügbar.

Don’t miss anything! Subscribe to our free newsletter.

Your security is our top priority – our specialists provide you with professional support.

Availability Monday to Friday 8:00 a.m. – 12:00 p.m. and 1:00 p.m. – 5:00 p.m (exception: customers with SLA – please call the 24/7 IRR emergency number).

Private individuals please contact your trusted IT service provider or the local police station.

For more information about our DFIR services here:

Add CSIRT to contacts