Microsoft quickly addresses Exchange Server RCE vulnerability

News » Security » Patch Tuesday

Reading time icon 2 min. read

Calendar icon Published on

by Alexandru Poloboc 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • This Critical RCE vulnerability finally got dealt with this month.
  • We're talking about the Microsoft Exchange Server vulnerability.
  • Attackers could actually execute their code through a network call.
  • CVE-2022-23277 is only one of 71 released during this month's PT.
microsoft Exchange

Since everyone is talking about the latest Patch Tuesday rollout, which happened today, March 8th, 2022, we’re going to show you another vulnerability that you can scratch off your list.

As you probably know by now, out of the 71 vulnerabilities that got addressed this month, one in particular sticks out if you are a Windows Exchange Server user.

Microsoft Exchange Server is a mail and calendaring server developed by the Redmond tech company, and it runs exclusively on Windows Server operating systems, in case you were wondering.

And if you ever dealt with this issue, or simply heard about it and prayed you would never get affected, the Microsoft Exchange Server Remote Code Execution Vulnerability is gone forever.

Another Critical RCE vulnerability safely removed

Needless to say, no software is 100% safe, no matter how many guarantees developers are willing to make. Attacks can happen at any minute and nobody is safe in this everchanging online environment.

Now, we know that Microsoft’s operating systems are full of traps and dangerous bugs, but many of you might not have been aware of this problem.

Experts state that the vulnerability would actually allow an authenticated third party to execute their code with elevated privileges through a network call.

It goes without saying that this could have quickly turned into a perilous situation for the victim of such vicious cyber-attacks.

As you saw, this vulnerability (CVE-2022-23277) is also listed as low complexity with exploitation more likely, meaning that we could totally see this bug exploited in the wild soon.

And yes, this can be done by attackers, despite the authentication requirement, so keep that in mind if you were thinking about postponing adding this software to your device.

Security experts advise users to immediately test and deploy this to their Exchange servers quickly, lowering the risk of an actual attack.

Adobe also released a brand new batch of Patch Tuesday updates today, but only for three of its products, which is a much smaller rollout than last month’s.

Are you aware of other vulnerabilities that Microsoft might have missed? Share your thoughts with us in the comments section below.

More about the topics: patch tuesday

Alexandru Poloboc

Alexandru Poloboc Shield

Tech Journalist

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host. A certified gadget freak, he always feels the need to surround himself with next-generation electronics. When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.