Co-written by: Ryan Barnett

AppSec Protections for Microsoft Exchange CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065

On March 2, 2021, the Microsoft Security Response Center alerted its customers to several critical security updates to Microsoft Exchange Server, addressing vulnerabilities currently under attack.

The United States Computer Emergency Readiness Team Cybersecurity and Infrastructure Security Agency also issued an alert with recommendations on how to mitigate the vulnerabilities.

CVE-2021-26855 allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange Server. The vulnerability exploits the Exchange Control Panel (ECP) via a Server-Side Request Forgery (SSRF). This would also allow the attacker to gain access to mailboxes and read sensitive information.

CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 allow for remote code execution.…