cve detail

CVE-2023-21529

naam

Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.

KEV

bekend misbruikt

EPSS

percentiel

vendor

Microsoft

product

Exchange Server

toegevoegd aan KEV

13 apr 2026

due date

27 apr 2026

ransomware

Known

CWE

CWE-502

EPSS datum

aanbevolen actie

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notities

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529