Update CVEs


An additional Microsoft Exchange advisory for on-prem servers has been issued April 13, as part of the April 2021 Patch Tuesday release.

Microsoft addressed four critical vulnerabilities in Microsoft Exchange Server. Two of these flaws can be exploited by remote, unauthenticated attackers without the need for any user interaction. The recommendation is to apply patches immediately based on the likelihood of these vulnerabilities being weaponized. Threat actors will move quickly to utilize these vulnerabilities.

CVE Vulnerability Type CVSSv3
CVE-2021-28480 Remote Code Execution 9.8
CVE-2021-28481 Remote Code Execution 9.8
CVE-2021-28482 Remote Code Execution 8.8
CVE-2021-28483 Remote Code Execution 9.0

Similar to last month’s out of band security update, these latest Exchange Server vulnerabilities affect only on-premises versions of Microsoft Exchange Server; Microsoft Exchange Online is not affected by these flaws.