The National Security Agency on Tuesday said it had warned Microsoft of several serious problems that criminals could use to hack the Exchange Server email system remotely.
Microsoft today released a series of Server Security updates that address a range of issues ranging from high to low.
Modern patches also deal with the risk of double coding on Microsoft Exchange Server: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483. All of these were acquired by the NSA and affect the Exchange Server 2013 to 2019 models.
The NSA helped Microsoft detect software errors, affecting Exchange Server 2013, 2016, and 2019. But it is not yet clear whether the government agency using the risk for its purposes.
The latest software bugs detected by the NSA are the 2013, 2016, and 2019 Exchange Server variants. Microsoft has stated that being vulnerable to exploitation would allow the attacker to compromise on a targeted computer.
As a Flaw exposed last month, it affects organizations that use the Exchange in their digital premises, unlike those that use cloud computing services.
“Cybersecurity is the security of the country. Network protectors now have the information needed to take action, but so do cybercriminals and hackers,” Rob Joyce, NSA’s Director of Cybersecurity, said in a statement.
“The attacker can use this vulnerability to access and maintain the resilience of the environment,” the US Cybersecurity and Infrastructure Security Agency (CISA) said in a public statement. The organization also instructed all government departments to file patches immediately.
“We recommend customers to install updates as soon as possible to ensure they remain protected from these threats and other threats,” Microsoft said in a blog post on Tuesday.