Microsoft Exchange Server Remote Code Execution Vulnerability Alert

Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. The first version was called Exchange Server 4.0, to position it as the successor to the related Microsoft Mail 3.5.
On April 13, 2021, Microsoft released a notice of Exchange security updates. This security update fixes four remote code execution vulnerabilities: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483, with a CVSS score of 9.8.

Vulnerability Detail

CVE-2021-28480/CVE-2021-28482/CVE-2021-28483/CVE-2021-28484: Microsoft Exchange Server Remote Code Execution Vulnerability

Attackers can use this vulnerability to bypass Exchange authentication and execute commands without user interaction. These vulnerabilities are also wormable, so they can spread laterally among Exchange servers on the intranet. Users must update as soon as possible.

Affected version

  • Microsoft Exchange: 2013/2016/2019

Solution

Microsoft has officially released a patch update for this vulnerability. Users can download the patch through the following link according to their Exchange version: