Microsoft warns of two dangerous vulnerabilities in Exchange servers 2013, 2016 and 2019. It is the second time in a few months that critical vulnerabilities have been discovered in Exchange.
These are vulnerabilities CVE-2021-28480 and CVE-2021-28481. They are labeled as very serious by Microsoft. The vulnerabilities allow attackers to take over remote servers. Microsoft has released an update to address the vulnerability. Microsoft urges users to install the update as soon as possible.
According to Microsoft, there is currently no indication that the two vulnerabilities were actively exploited. The vulnerabilities were discovered by the US Secret Service NSA. It is not yet clear how the vulnerabilities were discovered.
Last month, four more zero-day vulnerabilities were patched by Microsoft. These were actively abused by Chinese hackers. Then security company Volexity discovered that large amounts of data were being sent to suspicious IP addresses.