Tuesday, November 12, 2024
HomeComputer SecurityCritical Microsoft Exchange Server Vulnerabilities Could Allow Hackers to Control of Enterprise...

Critical Microsoft Exchange Server Vulnerabilities Could Allow Hackers to Control of Enterprise Networks

Published on

Malware protection

In a daily routine check-up, the cybersecurity experts of the U.S. National Security Agency have detected two critical Microsoft Exchange Server vulnerabilities.

After detecting the vulnerabilities, the analysts asserted that these two vulnerabilities could enable the threat actors to persistently access and control business networks.

However, in a threat report, the cybersecurity researchers have affirmed on Tuesday, that they have performed the monthly cycle, during the month when Microsoft delivers some patches for the vulnerabilities.

- Advertisement - SIEM as a Service

The security researchers have found these vulnerabilities proactively, or we can say that the vulnerabilities were disclosed to the security experts. 

Inventory Your Exchange Servers and Update to the latest Cumulative Update

According to the cybersecurity analysts’ recommendation, one should always use the Exchange Server Health Checker script, and users can easily download it from GitHub.  

Once the users run this script, it will eventually notify them if any of your Exchange Servers are performing these updates or not. 

Moreover, users must update to the latest cumulative update immediately so that they can evade themselves from such vulnerabilities.

Microsoft Released Security Updates 

Microsoft stated that these kinds of vulnerabilities are not new, and they have detected the very first vulnerability in April 2021.

Soon after the detection, the team of analysts has reported the vulnerability to Microsoft. And after the report, Microsoft has researched the whole matter and eventually pronounced that they were not aware of such exploits.

However, after knowing all the details regarding the vulnerability, Microsoft has suggested the users to install the latest update so that they can stay protected from such flaws.

Microsoft releases the security updates to patch the security flaws (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483) found in the following Exchange Servers:-

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

Not only this, as these two vulnerabilities were also detected by NSA, and they have rated the vulnerability 9.8 out of 10.

According to them, these vulnerabilities are quite critical and harmful for the users. That’s why every customer must use Exchange Online rather than on-premise Exchange Servers.

While on the other side, ESET researchers have declared that nearly 10 different hacking groups were involved in this threat attack, and they are continuously taking advantage of the zero-day vulnerabilities.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

VMware Workstation & Fusion Now Available for Free to All Users

VMware has announced that its popular desktop hypervisor products, VMware Workstation and VMware Fusion,...

Dell Enterprise SONiC Flaw Let Attackers Hijack the System

Dell Technologies has disclosed multiple critical security vulnerabilities in its Enterprise SONiC OS, which...

Amazon Confirms Employee Data Breach Via Third-party Vendor

Amazon has confirmed that sensitive employee data was exposed due to a breach at...

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Maximizing Agent Productivity And Security With Workforce Management Software In Contact Centers

In the bustling world of customer service, the stakes are perpetually high—every missed call...

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

Understanding Crypto Macroeconomic Factors: Navigating Inflation, Rates, And Regulations 

Diving into the world of cryptocurrencies, I've found it's a fascinating intersection of technology...