Microsoft has released security updates for Exchange Server 2013, 2016, and 2019, where 4 actively exploited #security vulnerabilities were fixed. 3 of them could allow remote code execution, and one vulnerability (CVE-2021-26855) could allow server-side request forgery.
To know more about this and what you should do as an organisation, the research team at nsfLABs has provided detailed information about these vulnerabilities, associated 0-day #exploits, threat actors as well as #IOCs and recommendation – see details below.
Should you require any support, kindly reach out to the team at notification at nsflabs dot ng
NB: nsfLABs is an initiative of Naijasecforce and the first private CERT service in Nigeria.
You can download the advisory below.