Sunday, October 17, 2021

NSA Discovers new critical vulnerabilities in Exchange Servers

Must Read

Experts linked Chinese APT27 Group to Ransomware Attacks

Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be...

Near Up to 350,000 Spotify Users Targeted by Credential Stuffers

Security researchers have assisted Spotify handles a potentially considerable credential stuffing campaign after having an unsecured cloud database containing...

Kobalos malware is targeting supercomputers worldwide

A small but complex variation of malware is targeted at significant computer users worldwide.Reverse engineered by ESET and described...

The National Security Agency on Tuesday said it had warned Microsoft of several serious problems that criminals could use to hack the Exchange Server email system remotely.

Microsoft today released a series of Server Security updates that address a range of issues ranging from high to low.

Modern patches also deal with the risk of double coding on Microsoft Exchange Server: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483. All of these were acquired by the NSA and affect the Exchange Server 2013 to 2019 models.

The NSA helped Microsoft detect software errors, affecting Exchange Server 2013, 2016, and 2019. But it is not yet clear whether the government agency using the risk for its purposes.

The latest software bugs detected by the NSA are the 2013, 2016, and 2019 Exchange Server variants. Microsoft has stated that being vulnerable to exploitation would allow the attacker to compromise on a targeted computer.

As a Flaw exposed last month, it affects organizations that use the Exchange in their digital premises, unlike those that use cloud computing services.

“Cybersecurity is the security of the country. Network protectors now have the information needed to take action, but so do cybercriminals and hackers,” Rob Joyce, NSA’s Director of Cybersecurity, said in a statement.

“The attacker can use this vulnerability to access and maintain the resilience of the environment,” the US Cybersecurity and Infrastructure Security Agency (CISA) said in a public statement. The organization also instructed all government departments to file patches immediately.

“We recommend customers to install updates as soon as possible to ensure they remain protected from these threats and other threats,” Microsoft said in a blog post on Tuesday.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This