Microsoft warns of two dangerous vulnerabilities in Exchange servers 2013, 2016 and 2019. It is the second time in a few months that critical vulnerabilities in Exchange have been discovered.
The vulnerabilities are CVE-2021-28480 and CVE-2021-28481. They are identified as very serious. The vulnerabilities allow attackers to take over servers remotely.
The company has released an update to address the vulnerability. Microsoft is urging users to install the update as soon as possible.
According to the company, there is currently no evidence that the two vulnerabilities were actively exploited. The vulnerabilities were discovered by the US Secret Service NSA. It is not yet clear how the vulnerabilities were discovered.
Last month, four more zero-day vulnerabilities were fixed by the company. These were actively abused by Chinese hackers.
Then security company Volexity discovered that large amounts of data were being sent to suspicious IP addresses.