CRITICAL RCE IN MICROSOFT EXCHANGE SERVER
Microsoft released patches to fix critical and high Remote Code Execution vulnerabilities, CVE2021-28480, CVE-2021-28481 CVE-2021-28482 & CVE-2021- 28483 in Microsoft Exchange Server.
Microsoft patches four zero-days vulnerabilities in Exchange server discovered by the US National Security Agency (NSA).
These four critical Exchange Server vulnerabilities CVE-2021-28480, CVE-2021- 28481, CVE-2021-28482, CVE-2021-28483 are impacting Microsoft Exchange Server 2013, 2016, and 2019.
The vulnerabilities allow a malicious person to completely take over Exchange Servers when they have network access to these servers. An attacker can then install malware and view data.
As these flaws are critical and exploitable, NSA warned that threat actors will weaponize and utilize these vulnerabilities to exploit unpatched Exchange servers.
These vulnerabilities are also wormable to other Exchange servers, and successful exploitation could allow persistent access and control of enterprise networks.