"NSA Alerts About Four Critical Vulnerabilities in Microsoft Exchange Servers"

The National Security Agency (NSA) issued alerts about four critical vulnerabilities found in 2013, 2016, and 2019 versions of the Microsoft Exchange Server. The exploitation of these vulnerabilities could allow attackers to perform remote code execution on targeted systems. Microsoft stated that there is no evidence of hackers actively exploiting the vulnerabilities. In addition, Microsoft released security patches to address the critical flaws. The four vulnerabilities reported by the NSA include an RPC endpoint mapper service elevation of privilege vulnerability, Windows NTFS denial-of-service vulnerability, Windows installer information disclosure vulnerability, and an Azure ms-rest-nodeauth library elevation of privilege vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) orders federal agencies to install the newly released Microsoft Exchange security updates. CISA has warned that threat actors could reverse engineer the security patches to develop working exploits because of their severity and public disclosure. This article continues to discuss the four critical vulnerabilities discovered in Microsoft Exchange Servers, what the exploitation of these bugs could allow threat actors to do, Microsoft's release of security fixes for these vulnerabilities, and CISA's order to federal agencies to install the patches

CISO MAG reports "NSA Alerts About Four Critical Vulnerabilities in Microsoft Exchange Servers"