CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
# microsoft# exchangeserver# cybersecurity# vulnerability
Freedom CoderMicrosoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
CVE ID
CVE-2023-21529
Vulnerability Name
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
- Project: Microsoft
- Product: Exchange Server
Date
- Date Added: 2026-04-13
- Due Date: 2026-04-27
Description
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529