Two critical vulnerabilities with a CVSS 3.1 score of 9.8, one critical vulnerability with a score of 9.0, and one high-severity vulnerability with a score of 8.8 have been published for Microsoft Exchange Server.
These vulnerabilities affect the versions listed below. Although no exploitation of the published vulnerabilities has been detected, it is recommended, given their criticality, to install the published patches from the relevant links so that systems are not harmed.
Recommended Solutions and CVE / CWE
Installing the updates listed in the table below is recommended.
CVE/CWE: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483
| Release date | Product | Impact | Severity | Article | Download | Details |
| --- | --- | --- | --- | --- | --- | --- |
| Apr 13, 2021 | Microsoft Exchange Server 2019 Cumulative Update 9 | Remote Code Execution | Critical | 5001779 | Security Update | CVE-2021-28480 |
| Apr 13, 2021 | Microsoft Exchange Server 2016 Cumulative Update 20 | Remote Code Execution | Critical | 5001779 | Security Update | CVE-2021-28480 |
| Apr 13, 2021 | Microsoft Exchange Server 2019 Cumulative Update 8 | Remote Code Execution | Critical | 5001779 | Security Update | CVE-2021-28480 |
| Apr 13, 2021 | Microsoft Exchange Server 2016 Cumulative Update 19 | Remote Code Execution | Critical | 5001779 | Security Update | CVE-2021-28480 |
| Apr 13, 2021 | Microsoft Exchange Server 2013 Cumulative Update 23 | Remote Code Execution | Critical | 5001779 | Security Update | CVE-2021-28480 |
References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28480
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28481
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28482
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28483
Note: Vulnerabilities with a CVSS 3.1 score (out of 10) of 7.0-8.9 are considered “high”, and those with a score of 9.0-10.0 are considered “critical”.