Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities - CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 - to take control of an affected system and can exploit one vulnerability - CVE-2021-26855 - to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.

Further information on vulnerabilities and updates can be found at: microsoft.com