It is a pre-authentication vulnerability in the Microsoft Exchange Server. The attacker will not require authentication to access the vulnerable exchange server in order to exploit it. The attacker will be able to execute an arbitrary code on the system. This is done by sending a specially-crafted request.
Like the CVE-2021-28480, the CVE-2021-28481 is also a pre-authentication vulnerability. The attacker can exploit the vulnerability by performing reconnaissance against the intended target. The next step is to send specially crafted requests to the vulnerable Exchange server. The attacker can exploit the vulnerability to run an arbitrary code on the system.
It is a post-authentication vulnerability in the Microsoft Exchange Server. Unlike the above two, this vulnerability is only exploitable when the attacker has authenticated to a vulnerable Exchange Server. Once the attacker has authenticated the Exchange server, they will be able to execute arbitrary codes on the system.
It is a post-authentication vulnerability in the Microsoft Exchange Server. Once the attacker is able to authenticate to a vulnerable Exchange Server, they can run arbitrary codes on the server.
Remote Code Execution
Select and install the latest Microsoft Automatic Updates with the appropriate patch for your system. Use the Microsoft Security Update Guide to configure and search for the available patches. https://www.microsoft.com/en-us/download/details.aspx?id=103001