Author: Melodie Foster
Date: 15th April 2021
In Microsoft’s latest Patch Tuesday, the company and the NSA are urging users to patch four newly disclosed Exchange Server vulnerabilities, following the global attack on Exchange servers that took place several weeks ago.
The NSA found two remote code execution bugs in Exchange Server, both of which have been given a CVSS score of 9.8 out of 10. This is because both flaws are pre-authentication, so an attacker would not need to authenticate to the vulnerable server to exploit them.
The other vulnerabilities addressed in the release span a wide range of Microsoft products, from Windows to Edge (Chromium-based), Azure, Microsoft Office, SharePoint Server, Exchange Server and others. Totalling 114 vulnerabilities, April’s Patch Tuesday is the highest of 2021, with 19 critical flaws and a high-severity zero-day that is actively being exploited in the wild. The latter is a Win32k elevation of privilege vulnerability that is being exploited by cybercriminal groups.
The flaws identified within the productivity suite of Microsoft Office also include four remote code execution bugs. Microsoft have said they impact all versions of Office, including Office 365.