A proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is for one of the four that the National Security Agency (NSA) reported to Microsoft and received a fix in April. Despite being the least severe of the bunch and requiring authentication, the risk that CVE-2021-28482 poses to companies is not to be neglected. Anyone running on-premise machines without Microsoft s April updates is in trouble – Will Dormann.
Source: https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-microsoft-exchange-bug-discovered-by-nsa/