Microsoft Exchange Servers

SpearTip | April 14th, 2021


April 13 is Patch Tuesday for Microsoft and they’ve released four different remote code execution vulnerabilities with critical scores.

CVE-2021-28480 (9.8 CVSSv3) – RPC Endpoint Mapper Service Elevation of Privilege Vulnerability

CVE-2021-28481 (9.8 CVSSv3) – Windows NTFS Denial of Service Vulnerability

CVE-2021-28482 (8.8 CVSSv3) – Windows Installer Information Disclosure Vulnerability – PolarBear

CVE-2021-28483 (9.0 CVSSv3) – Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

None of these vulnerabilities have been actively exploited in the wild, but the National Security Agency warned these will be exploited by threat actors in no time if they are not patched. “NSA urges applying critical Microsoft patches released today, as exploitation of these vulnerabilities could allow persistent access and control of enterprise networks.”, NSA Cyber explained in a tweet.

The Microsoft Exchange Servers At Risk

Microsoft Exchange Server 2013

Microsoft Exchange server 2016 – CU19 and CU20

Microsoft Exchange server 2019 – CU8 and CU9

The NSA is credited for discovering all four of these vulnerabilities finding two of them are pre-authentication which will require immediate attention. The NSA’s Director of Cybersecurity warned, “Network defenders now have the knowledge needed to act, but so do adversaries and malicious cyber actors. Don’t give them the opportunity to exploit this vulnerability on your system.”

SpearTip’s engineers are actively monitoring this situation as many organizations may be vulnerable. If you think your organization needs assistance in mitigating these threats through patch management and/or continuous monitoring, call our security operations center at 833.997.7327.

If you still haven’t patched the four previous vulnerabilities from last Patch Tuesday, the patching of these new vulnerabilities are cumulative meaning they’ll cover all eight.


Connect With Us

Featured Articles

Cybersecurity Health Checks
Cybersecurity Health Checks: Why Companies Need Them
22 April 2024
New Loop DoS Attack
New Loop DoS Attack Affecting Linux Systems
19 April 2024
Possible Cyberattack
Possible Cyberattack During 2024 Summer Olympics
15 April 2024
Tabletop Exercises
Tabletop Exercises: Transformative Impact on Companies
12 April 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.