May 6, 2021

Microsoft Exchange Server Remote Code Execution Vulnerabilities – CVE-2021-28480,CVE-2021-28481,CVE-2021-28482,CVE-2021-28483

Two critical vulnerabilities with a CVSS 3.1 Score of 9.8, a critical vulnerability of 9.0 and a high-level vulnerability of 8.8 have been published in the Microsoft Exchange Server product.

These security vulnerabilities are valid in the versions listed below. Although there is no exploit detection regarding the published vulnerabilities, it is recommended to download the published patches over the relevant links in order not to damage the systems due to their criticality.

Solution Offers and CVE / CWE

Installing the updates listed in the table below is recommended.

CVE/CWE: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 ve CVE-2021-28483

Release date Product Impact Severity Article Download Details
Apr 13, 2021 Microsoft Exchange Server 2019 Cumulative Update 9 Remote Code Execution Critical 5001779 Security Update CVE-2021-28480
Apr 13, 2021 Microsoft Exchange Server 2016 Cumulative Update 20 Remote Code Execution Critical 5001779 Security Update CVE-2021-28480
Apr 13, 2021 Microsoft Exchange Server 2019 Cumulative Update 8 Remote Code Execution Critical 5001779 Security Update CVE-2021-28480
Apr 13, 2021 Microsoft Exchange Server 2016 Cumulative Update 19 Remote Code Execution Critical 5001779 Security Update CVE-2021-28480
Apr 13, 2021 Microsoft Exchange Server 2013 Cumulative Update 23 Remote Code Execution Critical 5001779 Security Update CVE-2021-28480

Reference:

  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28480
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28481
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28482
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28483

Note: Those with a CVSS 3.1 score (out of 10) 7.0-8.9 are considered “high”, those with 9.0-10.0 are considered “critical” vulnerabilities.

Leave a Reply

Your email address will not be published. Required fields are marked *