Microsoft Patches Four More Critical Exchange Server Bugs

Apr 14, 2021 10:00 am Cyber Security 225

Microsoft Patches Four More Critical Exchange Server Bugs

Microsoft released patches for over 100 flaws for the first time this year yesterday, including one being actively exploited in the wild and four new critical Exchange Server bugs reported by the NSA.



The haul of 110 CVEs will keep sysadmins busy, with experts highlighting the zero-day elevation of privilege flaw in Win32k (CVE-2021-28310) as worthy of attention.



Although only rated as important, it may have been exploited in attacks for over a month already, according to Ivanti senior director of product management, Chris Goettl.



“This is a good example of the importance of using a risk-based prioritization approach. If you are basing your prioritization off vendor severity and looking at just the critical CVEs, you may have missed this one,” he explained.



“Fortunately for those organizations, this is part of the Windows 10 cumulative this month — which also includes Critical CVEs — but broadening your prioritization metrics to include risk metadata like exploited, publicly disclosed, and other indicators will help to ensure you prioritize the best possible set of updates to remediate in a timely fashion.”



The four critical Exchange Server flaws should also be a priority for sysadmins. CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483 are remote code execution bugs that all affect Microsoft Exchange Server versions 2013 to 2019.



Rec ..

Support the originator by clicking the read the rest link below.

microsoft patches critical exchange server
Read The Rest from the original source
infosecurity-magazine.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!