CVE-2021-26412#

Statement on CVE-2021-26412 MS Exchange Vulnerability#

March, 2021

Information#

Microsoft Exchange Server Remote Code Execution Vulnerability

Severity#

Low

Response#

Melissa Data Corporation (“Melissa”) was not impacted by the attack to Microsoft Exchange Servers.

Melissa has examined its systems for indicators of compromise (IOCs) using the guidelines posted in the CISA Alert AA21-062A along with various resources from Microsoft. As no IOCs were found, Melissa has patched its servers with the emergency security updates from Microsoft. Patches were applied immediately to Edge Servers, CAS (Client Access Server), and Mailbox servers.

For details on the patches applied, please visit the following link: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 13, 2021 (KB5001779)

Melissa will continue to follow all guidance provided by Microsoft or CISA as necessary to prevent any future risks.