CVE-2018-8581 — Microsoft Exchange Server

known ransomware use

Microsoft Exchange Server Privilege Escalation Vulnerability

Added to KEV

2022-03-03

Federal due date

2022-03-17

Vendor

Microsoft

Product

Exchange Server

EPSS

99.7th percentile (score 0.918, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Known

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2018-8581

CISA short description

A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.