Exchange Server
by Microsoft
Take action — actively targeted
Exchange Server is actively targeted by attackers. A significant proportion of its known vulnerabilities are being exploited.
What to do
- Apply all available updates immediately
- Review your exposure — is this internet-facing?
- Monitor vendor advisories for this product
What Attackers Target
Vulnerabilities with high exploit probability
36.0%
Confirmed actively exploited (CISA)
12.7%
Public exploit code available
4.0%
Based on 150 known vulnerabilities. Percentages show the proportion that are actively dangerous — a low percentage means most vulnerabilities in this product are not being exploited.
Most Dangerous Vulnerabilities
| CVE | CVSS | Exploit Probability | Confirmed |
|---|---|---|---|
| CVE-2020-0688 | 8.8 | 94.4% | Yes |
| CVE-2021-27065 | 7.8 | 94.3% | Yes |
| CVE-2021-34473 | 9.1 | 94.2% | Yes |
| CVE-2022-41040 | 8.8 | 94.1% | Yes |
| CVE-2021-34523 | 9.0 | 94.0% | Yes |
| CVE-2021-26855 | 9.1 | 94.0% | Yes |
| CVE-2021-31207 | 6.6 | 93.8% | Yes |
| CVE-2022-41080 | 8.8 | 93.8% | Yes |
| CVE-2021-42321 | 8.8 | 93.6% | Yes |
| CVE-2021-33766 | 7.3 | 93.6% | Yes |
| CVE-2020-17144 | 8.4 | 92.0% | Yes |
| CVE-2018-8581 | 7.4 | 91.5% | Yes |
| CVE-2022-41082 | 8.0 | 91.5% | Yes |
| CVE-2021-41349 | 6.5 | 91.1% | — |
| CVE-2020-16875 | 8.4 | 86.8% | — |
| CVE-2021-28480 | 9.8 | 86.4% | — |
| CVE-2017-8540 | 7.8 | 84.6% | Yes |
| CVE-2020-17132 | 9.1 | 82.8% | — |
| CVE-2021-28482 | 8.8 | 81.4% | — |
| CVE-2020-17143 | 8.8 | 79.2% | — |
65
/ 100
high-risk
Active Threat
50/50 · Critical
Exploit Availability
15/50 · Low
Score uses Wilson score intervals to account for sample size. Products with few CVEs are scored conservatively.