NEW EXCHANGE SERVER VULNERABILITIES

April 14, 2021

Microsoft has just released security updates for Exchange Server that address a set of four vulnerabilities, classed as high to critical importance.

Microsoft credited the NSA with finding two remote code execution vulnerabilities (CVE-2021-28480 and CVE-2021-28481) in Exchange Server. Both bugs found by the NSA carry a CVSS score of 9.8 because of the risk of attacks that require no user interaction.

The flaws affect on-premises Exchange Server versions 2013 through 2019, and while there is no evidence that they have been exploited in the wild, Microsoft assesses that threat actors are likely to leverage them as soon as they create an exploit.

The NSA says that it discovered the critical vulnerabilities in Microsoft Exchange Server recently and reported them immediately.

This is the second serious attack on Microsoft Exchange Servers in recent months and is a major headache for Microsoft and its clients using on-premises Exchange servers. Microsoft released emergency patches for Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 on March 2. At the time, the company said that four zero-day vulnerabilities, which could lead to data theft and overall server hijacking, were being actively exploited in “limited, targeted attacks.”

However, it was not long before multiple advanced persistent threat (APT) groups began to join in Exchange Server-based campaigns, and it is estimated that thousands of systems belonging to organizations worldwide have been compromised.

As always, Integrity IT Solutions constantly monitor threats and have already been in touch with all of our clients who are affected.
