Microsoft Exchange Server 2016 and 2019 Remote Code Execution Vulnerability
On April 13th 2021 Microsoft released a software update to mitigate significant vulnerabilities that affect on-premises Exchange Servers 2013, 2016, and 2019. An attacker could use these vulnerabilities to gain access and maintain persistence on the target host. These vulnerabilities are different from the ones disclosed and fixed in March 2021 – the security updates released in March 2021 will not remediate against these vulnerabilities.
Given the powerful privileges that Exchange manages by default and the amount of potentially sensitive information that is stored in Exchange servers , Exchange servers are a primary target for adversary activity.
The issued security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see below :-
- CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability
You can find out more information and download the updates manually here.
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.