Three critical *and one high* level Microsoft Exchange Server Remote Code Execution vulnerabilities with CVSS 3.1 scores of 9.8, 9.8, 9.0 and 8.8 have been published.
An attacker who successfully exploits these vulnerabilities can run arbitrary code in the context of the system user.
Exploitation of these vulnerabilities requires an authenticated user in a certain Exchange role to be compromised. Although no exploits for these vulnerabilities have been discovered yet, their severity makes it highly recommended that the patches listed below be downloaded to ensure the safety of systems/assets.
Affected Systems
The servers/systems stated in the Recommended Solution section are affected by these vulnerabilities.
Reported IoCs
-
Recommended Solution(s)
Organizations using the following products are advised to download the patches specified in the table below.
Product | Article | Patch/Download |
---|---|---|
Microsoft Exchange Server 2019 Cumulative Update 9 | 5001779 | Security Update |
Microsoft Exchange Server 2016 Cumulative Update 20 | 5001779 | Security Update |
Microsoft Exchange Server 2019 Cumulative Update 8 | 5001779 | Security Update |
Microsoft Exchange Server 2016 Cumulative Update 19 | 5001779 | Security Update |
Microsoft Exchange Server 2013 Cumulative Update 23 | 5001779 | Security Update |
CVE / CWE
CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483
Resources
* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.