Security News > 2021 > April > MS Patch Tuesday: NSA Reports New Critical Exchange Flaws

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks.

The four new Exchange Server vulnerabilities were fixed as part of this month's Patch Tuesday bundle and because of the severity of these issues, Microsoft has joined with the U.S. National Security Agency to urge the immediate deployment of the new fixes.

The NSA is credited with reporting two of the four Exchange Vulnerabilities - CVE-2021-28480 and CVE-2021-28481 - and the agency is warning.

These bugs may be wormable between Exchange servers.

"Considering the source, and considering these bugs also receive Microsoft's highest Exploit Index rating, assume they will eventually be exploited. Update your systems as soon as possible," ZDI added.

Of the 114 documented bugs, 19 are rated "Critical," Microsoft's highest severity rating.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/_fs7ck5zNqA/ms-patch-tuesday-nsa-reports-new-critical-exchange-flaws