RULE(RULE ID:334015)

Rule General Information
Release Date: 2021-11-03
Rule Name: Microsoft Exchange SecurityToken Disclosure Vulnerability (CVE-2021-33766)
Severity:
CVE ID:
Rule Protection Details
Description: An information disclosure vulnerability has been reported in Microsoft Exchange Server. The vulnerability is due to an unspecified flaw.A remote unauthenticated attacker can exploit this vulnerability by sending specially crafted requests to the target system. Successful exploitation results in the disclosure of sensitive information.
Impact: An attacker could exploit this vulnerability to have unspecified effect.
Affected OS: Windows
Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33766
ZeroDayInitiative:ZDI-21-798
Solutions
The vendor has released upgrade patches to fix vulnerabilities, please visit:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33766