A security expert released technical details and proof-of-concept exploit (PoC) code for the high-severity vulnerability CVE-2021-28482 in Microsoft Exchange that could be exploited by remote attackers to execute arbitrary code on vulnerable systems.
April 2021 Microsoft Patch Tuesday security updates addressed four critical and high severity vulnerabilities in Exchange Server (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483), some of these flaws were reported by the U.S. National Security Agency (NSA).
All the vulnerabilities are remote code execution that could allow attacks to compromise vulnerable installs, for this reason, the IT giant urges its customers to install the latest updates.
The NSA confirmed that the critical vulnerabilities in the Microsoft Exchange server were recent discovered by its experts that immediately reported them to Microsoft.
“After we disclosed these vulnerabilities to Microsoft, they promptly created a patch. NSA values partnership in the cybersecurity community. No one organization can secure their networks alone” states the NSA.