MS Patch Tuesday: NSA Reports New Critical Exchange Flaws
2021-04-13 18:26

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks.

The four new Exchange Server vulnerabilities were fixed as part of this month's Patch Tuesday bundle, and because of the severity of these issues, Microsoft has joined with the U.S. National Security Agency to urge the immediate deployment of the new fixes.

The NSA is credited with reporting two of the four Exchange vulnerabilities - CVE-2021-28480 and CVE-2021-28481 - and the agency is warning.

These bugs may be wormable between Exchange servers.

"Considering the source, and considering these bugs also receive Microsoft's highest Exploit Index rating, assume they will eventually be exploited. Update your systems as soon as possible," ZDI added.

Of the 114 documented bugs, 19 are rated "Critical," Microsoft's highest severity rating.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/_fs7ck5zNqA/ms-patch-tuesday-nsa-reports-new-critical-exchange-flaws

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-13 | CVE-2021-28480 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Remote Code Execution Vulnerability (network, low complexity, microsoft) | critical, 9.8 |
| 2021-04-13 | CVE-2021-28481 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Remote Code Execution Vulnerability (network, low complexity, microsoft) | critical, 9.8 |

Related vendor

LAST 12M

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| NSA | 2 | 0 | 2 | 7 | 5 | 14 |