What We Do
How We Do
Resources
Company
Partners
Get Started
Security advisories

Microsoft Exchange Vulnerabilities Announced 

April 13, 2021 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

On April 13th, Microsoft released its monthly bundle of security patches. Notably, this release includes four vulnerabilities impacting multiple versions of Microsoft on-premise Exchange Servers. All Exchange vulnerabilities received a rating of critical and could allow attackers to execute code on remote Exchange servers. Exploitation may allow persistent access and control of enterprise networks.

Exploitation in the wild has not been identified at this time. These vulnerabilities are considered “Exploitation More Likely” by Microsoft. The criticality of these vulnerabilities and the potential value of Exchange server exploits increases the likelihood of exploitation in the near future. Organizations are strongly recommended to apply the relevant security patches as soon as possible.

What we’re doing about it

What you should do about it

Additional information

All four of these vulnerabilities were discovered and reported to Microsoft by the National Security Agency (NSA). Two of the vulnerabilities (CVE-2021-28480, CVE-2021-28481) are remotely exploitable without authentication. Exploits for these vulnerabilities will be highly valuable to adversaries. Mitigating these vulnerabilities before exploits become available is critical.

Exchange Vulnerabilities:

Impacted Products:

References:

[1] https://msrc-blog.microsoft.com/2021/04/13/april-2021-update-tuesday-packages-now-available/

[2] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28480

[3] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28481

[4] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28482

[5] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28483

View Most Recent Advisories