– Microsoft has released patches for four newly discovered vulnerabilities in the local Microsoft Exchange servers in 2016 and 2019. The Department of Homeland Security urges all federal agencies and private sector companies to give priority to the software update.
The NSA found the vulnerabilities and reported them to the Microsoft team. The errors have been assigned as CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483.
For all four errors, “the vulnerable component is tied to the network stack, and the number of possible attackers extends beyond the other options listed to the entire Internet.”
These errors in executing remote code can be exploited at the log level. “One or more networks drop out, e.g. via one or more routers.” The possible …