Microsoft's April Monthly Patch Fixes “Exchange” Vulnerabilities Discovered by the NSA

On April 13, Microsoft advised customers to promptly patch new vulnerabilities in Microsoft Exchange Server. Both Microsoft and the National Security Agency (NSA) are urging customers to apply this month's security patch, released on Patch Tuesday. Microsoft thanked the NSA for discovering two Remote Code Execution (RCE) vulnerabilities (“CVE-2021-28480” and “CVE-2021-28481”) lurking in Exchange Server. Both vulnerabilities have been assigned a score of 9.8 under the Common Vulnerability Scoring System (CVSS), since an attack may be possible without any interaction with the user.

Taken as a whole, the patch released this time covers about 110 vulnerabilities in products ranging from “Windows” to “Microsoft Edge” (Chromium-based), “Microsoft Azure”, “Microsoft Office”, “SharePoint Server”, and Exchange Server. According to Trend Micro’s Zero Day Initiative (ZDI) blog, the number of vulnerabilities addressed this time is the highest of the 2021 monthly patches.

Microsoft described the Exchange Server vulnerabilities as follows: “We have not confirmed that these vulnerabilities have actually been exploited in attacks on our customers. However, given recent attacks on Exchange, we recommend that you apply updates as soon as possible to ensure protection from this type of attack.”

A few weeks ago, attacks exploiting zero-day vulnerabilities in Exchange Server were reported on systems around the world. On March 2, Microsoft released an out-of-band security update, saying that multiple vulnerabilities had been found in Exchange Server and that limited, targeted cyber attacks exploiting them had been confirmed. The vulnerabilities exist in “Exchange Server 2013”, “Exchange Server 2016”, and “Exchange Server 2019”.

Microsoft said four zero-day vulnerabilities that could lead to data theft and server hijacking were being actively exploited in “limited targeted attacks.” The company also warned that the vulnerabilities were being abused by Hafnium, a Chinese APT (advanced persistent threat) group suspected of state involvement. It is estimated that a large number of systems in various organizations around the world have been compromised. In addition to the March emergency patch, Microsoft has released mitigation guidance to reduce the impact, as well as a one-click mitigation tool.