Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, andCVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.
We encourage users and administrators to review the Microsoft blog post and apply the necessary updates or workarounds.
Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.
We encourage users and administrators to review the Mozilla security advisories for Firefox 86, Firefox ESR 78.8, and Thunderbird 78.8 and apply the necessary updates.
Information for industrial control systems owners, operators, and vendors.
Resources for information sharing and collaboration among government agencies.
Information for system administrators and technical users.