On 13 April 2021 Microsoft released security updates to mitigate significant newly discovered vulnerabilities in Microsoft Exchange 2013, 2016 and 2019.
These vulnerabilities could be exploited by attackers to gain and persist access to Microsoft Exchange deployments. The patches previously released by Microsoft in March 2021 do not remediate these new vulnerabilities and organisations must apply Microsoft’s 13 April 2021 updates to prevent potential compromise.
The new vulnerabilities are:
- CVE-2021-28480 – remote code execution vulnerability in Exchange.
- CVE-2021-28481 – remote code execution vulnerability in Exchange.