Author: Melodie Foster

Date: 15th April 2021

 

In Microsoft’s latest Patch Tuesday, the company and the NSA are urging users to patch four newly disclosed Exchange Server vulnerabilities, following the global attack on Exchange servers that took place several weeks ago.

The NSA found two remote code execution bugs in Exchange Server, both of which have been given a CVSS score of 9.8 out of 10. This is because both flaws are pre-authentication, so an attacker would not need to authenticate to the vulnerable server to exploit them.

The other vulnerabilities addressed in the patch span a wide range of Microsoft products, including Windows, Edge (Chromium-based), Azure, Microsoft Office, SharePoint Server, Exchange Server and others. At 114 vulnerabilities in total, April’s Patch Tuesday is the largest of 2021, with 19 critical flaws and a high-rated zero-day that is actively being exploited in the wild. The latter is a Win32k elevation of privilege flaw that is being exploited by cybercriminal groups.

The flaws identified within the productivity suite of Microsoft Office also include four remote code execution bugs. Microsoft have said they impact all versions of Office, including Office 365.[1]

[1] https://www-zdnet-com.cdn.ampproject.org/c/s/www.zdnet.com/google-amp/article/microsoft-february-2021-patch-tuesday-fixes-56-bugs-including-windows-zero-day/

 

 
