Last week, security specialist Nguyen Jang has released technical information and proof-of-concept exploit (PoC) code for the severe flaw CVE-2021-28482 in Microsoft Exchange Server that could be used by hackers to perform code on vulnerable systems.

The flaw is one of the four critical and high severity vulnerabilities in the Microsoft Exchange Server (CVE-2021-28480CVE-2021-28481CVE-2021-28482CVE-2021-28483), reported by the U.S. National Security Agency (NSA) to Microsoft.

Even if the CVE-2021-28482 vulnerability is not as severe as the others, all these flaws are remote code execution (RCE) that could let threat actors compromise unprotected machines therefore Microsoft advises its users to install the most recent updates.

As stated by the U.S. National Security Agency (NSA), the dangerous vulnerabilities were recently brought to light by its experts and immediately reported to Microsoft.

Security specialist Nguyen Jang, who released before a PoC exploit for ProxyLogon vulnerabilities, published the PoC exploit code for the high-severity vulnerability in Microsoft Exchange Server on April 26.

This week, the researcher published on GitHub demo exploit for CVE-2021-28482 written in Python.

Will Dormann, a CERT/CC vulnerability specialist, successfully evaluated the PoC exploit and explained it could permit to hack into vulnerable MS Exchange installs.

Because the PoC hacking tool was considered to be a threat to Microsoft’s clients using the Microsoft Exchange solution, not long after the publication GitHub took it down.

Nguyen Jang stated that he has published the PoC code as a wake-up call on the latest flow of attacks and gave the opportunity to his colleagues to study the code used in the hacks.

The vulnerability analyst told BleepingComputer that even if this bug is not as serious as ProxyLogon, since it does not allow en-masse scanning or exploitation, a real-life scenario for leveraging it exists:

But, any Exchange instance where a single user has a password that has been leaked, or any organization that has a single malicious or even just compromised insider is at risk if they have not installed April’s Exchange update.


The public availability of the PoC exploit constitutes a significant risk to organizations operating unpatched on-premise Microsoft Exchange machines therefore companies are urged to install the newest patches for Exchange Server.

NSA: New Critical Vulnerabilities Found in Microsoft Exchange Server

Black Kingdom Ransomware Is Exploiting Microsoft Exchange Vulnerabilities

PoC Exploit for Microsoft Exchange Launched

Heimdal™ Releases Vulnerability Data on the Microsoft Exchange Patch

Leave a Reply

Your email address will not be published. Required fields are marked *