PDS Cyber Security Advisory:
Advisory Regarding Additional Vulnerabilities in On-Premises Microsoft Exchange 2013, 2016, 2019 Systems
Advisory Type: IT Security
Severity: Critical
Summary: PDS is providing the following communication to build awareness of 4 additional critical priorities in on-premises installations of Microsoft Exchange Server 2013, 2016, and 2019.
On April 13, 2021 Microsoft released the group of 114 patches in the April monthly update. As part of the patch group, four new critical issues regarding remote code execution vulnerabilities were announced and patched. These vulnerabilities are like, but more serious, than the four vulnerabilities announced and patched in early March.
The US National Security Agency (NSA) discovered these vulnerabilities and reported them to Microsoft. The following CVEs detail the findings and risks: CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, and CVE-2021-28483.
Exchange Online instances are not vulnerable to these issues.
We strongly advise customers to review the Microsoft advisories and patch on premises Exchange Servers immediately. PDS Architects are available to assist with the updates, your Account Director can assist in arranging support for this issue.
