Friday, July 23, 2021

NSA Discovers new critical vulnerabilities in Exchange Servers

Must Read

Vietnam to shut down Facebook over censorship requests – Source

Vietnam has threatened to close down Facebook from the nation if it doesn't bow to government pressure to pay...

Transport for NSW confirms data theft in Accellion breach

Transport for New South Wales (TfNSW) has confirmed it will be affected by the cyberattack on the Accellion-run file...

Attackers abusing website’s contact form to deliver malware

Microsoft is warning businesses to beware of cybercriminals using company website contact forms to deliver the IcedID info-stealing banking trojan in...

The National Security Agency on Tuesday said it had warned Microsoft of several serious problems that criminals could use to hack the Exchange Server email system remotely.

Microsoft today released a series of Server Security updates that address a range of issues ranging from high to low.

Modern patches also deal with the risk of double coding on Microsoft Exchange Server: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483. All of these were acquired by the NSA and affect the Exchange Server 2013 to 2019 models.

The NSA helped Microsoft detect software errors, affecting Exchange Server 2013, 2016, and 2019. But it is not yet clear whether the government agency using the risk for its purposes.

The latest software bugs detected by the NSA are the 2013, 2016, and 2019 Exchange Server variants. Microsoft has stated that being vulnerable to exploitation would allow the attacker to compromise on a targeted computer.

As a Flaw exposed last month, it affects organizations that use the Exchange in their digital premises, unlike those that use cloud computing services.

“Cybersecurity is the security of the country. Network protectors now have the information needed to take action, but so do cybercriminals and hackers,” Rob Joyce, NSA’s Director of Cybersecurity, said in a statement.

“The attacker can use this vulnerability to access and maintain the resilience of the environment,” the US Cybersecurity and Infrastructure Security Agency (CISA) said in a public statement. The organization also instructed all government departments to file patches immediately.

“We recommend customers to install updates as soon as possible to ensure they remain protected from these threats and other threats,” Microsoft said in a blog post on Tuesday.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This