Using [on-prem] Microsoft Exchange?
Do this: Apply the April 2021 Security Updates from Microsoft.
Why: 19 of the 114 flaws patched by the update have been rated as critical and actively being exploited. Additionally, the NSA has contributed to the security holes reported to Microsoft by adding an additional four RCE vulnerabilities to the list that affect Microsoft Exchange. CVEs:
Using Google Chrome (any platform)?
Do this: Update to the latest version.
Why: Google has patched a few important security vulnerabilities, two of which are known to be actively exploited at this time. "Google is aware of reports that exploits for CVE-2021-21206 and CVE-2021-21220 exist in the wild," Prudhvikumar Bommana, Chrome Technical Program Manager.
Additional Info: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
Using the OpENer Stack?
Do this: Update to the latest version—newer than Feb 10, 2021.
Why: Researchers reported new vulnerabilities in the open source protocol stack—the most severe of which—may allow for remote code execution. CVEs:
- CVE-2020-13556 (9.8/10)
- CVE-2021-27478 (8.2/10)
- CVE-2021-27482 (7.5/10)
- CVE-2021-27500 (7.5/10)
- CVE-2021-27498 (7.5/10)
Send Us Your Comments
What did you think of this article? Send us a note to let us know what you liked, would like to see more of, or what we can do better. And don't be surprised if we reach back out with a small 'thank you' gift for your feedback.