CVE-2023-21529
Published Feb 14, 2023
Last updated 2 months ago
AI description
CVE-2023-21529 is a remote code execution vulnerability affecting Microsoft Exchange Server. This flaw, categorized as an insecure deserialization issue (CWE-502), allows authenticated attackers with network access to execute arbitrary code on vulnerable Exchange Server installations. The vulnerability stems from the improper handling of serialized objects, which can be exploited through specially crafted requests. This means an attacker who has successfully authenticated to the Exchange server can leverage this weakness to compromise the system.
- Description: Microsoft Exchange Server Remote Code Execution Vulnerability
- Source: secure@microsoft.com
- NVD status: Analyzed
- Products: exchange_server
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
- Exploit added on: Apr 13, 2026
- Exploit action due: Apr 27, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-502
- Hype score: Not currently trending
🔴 Ransomware Intel WANNACRY Ransomware Gang: 33 New Victims Posted — Critical Infrastructure Targe… "CVE-2023-21529:** Microsoft Exchange Server Deserialization CVE-2026-20131:**…" 🔗 https://t.co/Po7R1rGfvC #CyberSecurity #ThreatIntel #ransomwaregang #wannacry #ra
@SecurityAr58409
29 Apr 2026
CISA added CVE-2023-21529 to KEV: authenticated deserialization → RCE on on-prem Exchange, and ransomware crews are using it. Microsoft patched in Feb 2023. If your Exchange box hasn't taken that update, this week. https://t.co/4yuOpRwcmN
@TechTranslators
25 Apr 2026
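The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog has been updated. Exploitation by ransomware has been confirmed for four of the entries. Affected: CVE-2023-27351 in PaperCut NG/MF, CVE-2024-27199 in TeamCity, Exchange Sevr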
@__kokumoto
21 Apr 2026
🛡️ Microsoft Exchange Deserialization RCE Explained CVE-2023-21529 is a critical vulnerability in Microsoft Exchange Server. It involves the deserialization of untrusted data, allowing an authenticated attacker to achieve remote code execution. This is a classic example of
@xhackio
14 Apr 2026
🛡️ CVE-2023-21529: Critical Deserialization Vulnerability in Microsoft Exchange Server Technical analysis of CVE-2023-21529, a deserialization vulnerability in Microsoft Exchange Server that allows remote code execution. Impact, mitigaci https://t.co/LOXH
@CiberPlanetaOrg
14 Apr 2026
🛡️ Security Alert: Deserialization of Untrusted Data Vulnerability in Microsoft Exchange Server (CVE-2023-21529) Microsoft Exchange Server suffers from a deserialization of untrusted data vulnerability (CWE-502) that allows remote code execution (R
@CiberPlanetaOrg
14 Apr 2026
TRC analysis shows attackers chaining Microsoft Exchange Server deserialization exploits (CVE-2023-21529) with Windows privilege escalation vulnerabilities for lateral movement campaigns. Runtime segmentation helps contain post-compromise activity across cloud workloads.
@aviatrixtrc
14 Apr 2026
CISA adds seven known exploited vulnerabilities to its catalog CISA Adds Seven Known Exploited Vulnerabilities to Catalog #CISA (Apr 13) CVE-2012-1854 Microsoft Visual Basic for Applications library loading vulnerability CVE-2020-9715 Adobe Acrobat Use-Af
@foxbook
13 Apr 2026
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-21529 #Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability https://t.co/FOaSS8P5RM
@ScyScan
13 Apr 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
            "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
            "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*",
            "matchCriteriaId": "435343A4-BF10-461A-ABF2-D511A5FBDA75",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
            "matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]