NSA discovers critical Exchange Server vulnerabilities, patch now


Microsoft today has released security updates for Exchange Server that address a set of four vulnerabilities with severity scores ranging from high to critical. All the flaws lead to remote code execution on a vulnerable machine and were discovered and reported to Microsoft by the U.S. National Security Agency (NSA). Microsoft also found some of them internally. Given their severity level and the Microsoft Exchange hacking spree that started at the beginning of the year, organizations are strongly recommended to prioritize installing the latest patches. “Cybersecurity is national security. Network defenders now have the knowledge needed to act, but so do adversaries and malicious cyber actors,” Rob Joyce, NSA’s Director of Cybersecurity, said in a statement to BleepingComputer. “Don’t give them the opportunity to exploit this vulnerability on your system.”

https://www.bleepingcomputer.com/news/security/nsa-discovers-critical-exchange-server-vulnerabilities-patch-now/