Microsoft quickly addresses Exchange Server RCE vulnerability
2 min. read
Published on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Key notes
- This Critical RCE vulnerability finally got dealt with this month.
- We're talking about the Microsoft Exchange Server vulnerability.
- Attackers could actually execute their code through a network call.
- CVE-2022-23277 is only one of 71 released during this month's PT.
Since everyone is talking about the latest Patch Tuesday rollout, which happened today, March 8th, 2022, we’re going to show you another vulnerability that you can scratch off your list.
As you probably know by now, out of the 71 vulnerabilities that got addressed this month, one in particular sticks out if you are a Windows Exchange Server user.
Microsoft Exchange Server is a mail and calendaring server developed by the Redmond tech company, and it runs exclusively on Windows Server operating systems, in case you were wondering.
And if you ever dealt with this issue, or simply heard about it and prayed you would never get affected, the Microsoft Exchange Server Remote Code Execution Vulnerability is gone forever.
Another Critical RCE vulnerability safely removed
Needless to say, no software is 100% safe, no matter how many guarantees developers are willing to make. Attacks can happen at any minute and nobody is safe in this everchanging online environment.
Now, we know that Microsoft’s operating systems are full of traps and dangerous bugs, but many of you might not have been aware of this problem.
Experts state that the vulnerability would actually allow an authenticated third party to execute their code with elevated privileges through a network call.
It goes without saying that this could have quickly turned into a perilous situation for the victim of such vicious cyber-attacks.
As you saw, this vulnerability (CVE-2022-23277) is also listed as low complexity with exploitation more likely, meaning that we could totally see this bug exploited in the wild soon.
And yes, this can be done by attackers, despite the authentication requirement, so keep that in mind if you were thinking about postponing adding this software to your device.
Security experts advise users to immediately test and deploy this to their Exchange servers quickly, lowering the risk of an actual attack.
Adobe also released a brand new batch of Patch Tuesday updates today, but only for three of its products, which is a much smaller rollout than last month’s.
Are you aware of other vulnerabilities that Microsoft might have missed? Share your thoughts with us in the comments section below.
User forum
0 messages