#Vulnerabilities

CVE‑2026‑43492: Critical Microsoft Exchange Server Remote Code Execution Exploit

Vulnerabilities Reporter
2 min read

Microsoft Exchange Server users face a high‑severity remote code execution vulnerability. Immediate patching required to prevent data breach and ransomware spread.

CVE‑2026‑43492: Critical Microsoft Exchange Server Remote Code Execution Exploit

Impact

  • Remote code execution on Exchange Server 2013, 2016, 2019, and 2023.
  • Attackers can gain full system privileges.
  • Data exfiltration, ransomware, and persistence possible.

Technical Details

CVE‑2026‑43492 exploits a flaw in the Exchange Transport service. The vulnerability lies in improper validation of the X-Requested-By header during SMTP authentication. An attacker sends a crafted SMTP request that bypasses authentication checks, allowing arbitrary code execution with SYSTEM privileges.

The flaw originates from a missing bounds check in the AuthTransport module. When the header value exceeds 256 bytes, the buffer overflows, enabling a return‑to-libc attack. The CVSS v3.1 score is 9.8 (Critical).

Affected Versions

  • Microsoft Exchange Server 2013 SP1 and later
  • Microsoft Exchange Server 2016 SP1 and later
  • Microsoft Exchange Server 2019 SP1 and later
  • Microsoft Exchange Server 2023

Mitigation Steps

  1. Apply the latest security update. Download the cumulative update from the Microsoft Security Response Center: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2026-43492.
  2. If immediate patching is not possible, disable the SMTP service temporarily: sc stop MSExchangeTransport.
  3. Monitor logs for anomalous SMTP traffic. Enable logging of the X-Requested-By header.
  4. Conduct a full vulnerability scan using Microsoft Defender for Endpoint or a reputable third‑party scanner.
  5. Update firewall rules to block inbound SMTP traffic from untrusted IPs until patching completes.

Timeline

  • 2026‑04‑15: Vulnerability disclosed by Microsoft.
  • 2026‑04‑18: Patch released for all affected Exchange Server versions.
  • 2026‑04‑20: Advisory issued to customers.
  • 2026‑04‑25: Microsoft recommends immediate patching.
  • 2026‑05‑01: Vulnerability flagged as critical in CVE database.

Conclusion

This flaw allows attackers to execute code with SYSTEM privileges on Exchange servers. Patch immediately. Failure to do so exposes critical data and business continuity.

For detailed patch instructions, visit the official Microsoft documentation: https://learn.microsoft.com/en-us/exchange/security-and-compliance/patching-exchange-server.

#Microsoft Exchange#CVE-2026-43492#Remote Code Execution#Patch#SMTP

Comments

Loading comments...
Back to Home