Mail server

Microsoft quickly fixes Exchange Server RCE vulnerability

by Alexandre Poloboc

news editor

With an irresistible desire to always get to the bottom of things and find out the truth, Alex has spent most of his time working as a journalist, presenter, as well as on television and radio… Read more

  • This critical RCE vulnerability was finally addressed this month.
  • We are talking about the Microsoft Exchange Server vulnerability.
  • Attackers could actually run their code through a network call.
  • CVE-2022-23277 is just one of 71 released during this month’s PT.

Microsoft Exchange

Since everyone is talking about the latest Patch Tuesday rollout, which happened today, March 8, 2022, we’re going to show you another vulnerability you can cross off your list.

As you probably already know, of the 71 vulnerabilities that have been patched this month, one in particular stands out if you are a Windows Exchange Server user.

Microsoft Exchange Server is an email and calendar server developed by the Redmond technology company, and it runs exclusively on Windows Server operating systems, in case you were wondering.

And if you’ve dealt with this problem before, or just heard about it and prayed never to be affected, the Microsoft Exchange Server remote code execution vulnerability is gone forever.

Another critical RCE vulnerability safely removed

Needless to say, no software is 100% secure, no matter how many guarantees developers are willing to give. Attacks can happen at any time and no one is safe in this ever-changing online environment.

Now, we know that Microsoft’s operating systems are full of dangerous traps and bugs, but many of you might not have been aware of this problem.

Experts say the vulnerability would actually allow an authenticated third party to execute their code with elevated privileges via a network call.

Needless to say, this could have quickly turned into a perilous situation for the victim of such vicious cyberattacks.

As you’ve seen, this vulnerability (CVE-2022-23277) is also listed as low complexity with more likely exploitation, which means we could totally see this bug being exploited in the wild soon.

And yes, it can be done by attackers, despite the authentication requirement, so keep that in mind if you are planning to delay adding this software to your device.

Security experts advise users to immediately test and deploy this to their Exchange servers quickly, reducing the risk of an actual attack.

Adobe also released a brand new batch of Patch Tuesday updates today, but only for three of its products, which is a much smaller rollout than last month.

Do you know of any other vulnerabilities that Microsoft might have missed? Share your thoughts with us in the comments section below.