
CISA Warns of Microsoft Exchange and Windows CLFS Vulnerabilities Exploited in Attacks

Cybersecurity News Archived Apr 14, 2026 ✓ Full text saved



The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to organizations regarding two severe Microsoft vulnerabilities. On April 13, 2026, the agency officially added flaws affecting Microsoft Exchange Server and the Windows Common Log File System (CLFS) Driver to its Known Exploited Vulnerabilities (KEV) catalog.

According to CISA’s latest threat intelligence update, threat actors are actively exploiting both vulnerabilities in the wild. While it remains unknown whether these specific flaws are being exploited in active ransomware campaigns, the agency mandates that federal entities apply available patches by April 27, 2026, and strongly urges private organizations to do the same.

Exchange Server Remote Code Execution

The first critical vulnerability, tracked as CVE-2023-21529, affects Microsoft Exchange Server. This security flaw stems from the deserialization of untrusted data (CWE-502).

- Exploitation Mechanism: An authenticated attacker can manipulate how the Exchange server processes specific data to achieve remote code execution (RCE).
- Network Impact: Successful exploitation allows adversaries to run arbitrary malicious code on the compromised server, potentially granting them deep, persistent access into corporate networks.
- Threat Context: Exchange servers remain highly prized targets for cybercriminals. Because they store sensitive corporate communications and serve as gateways to internal network environments, patching CVE-2023-21529 should be treated as an immediate, high-priority task.

Windows CLFS Privilege Escalation

The second vulnerability, identified as CVE-2023-36424, is an out-of-bounds read flaw in the Microsoft Windows CLFS driver.

- Exploitation Mechanism: The CLFS driver fails to properly validate the boundaries of the memory it reads, which allows a local attacker to trigger the vulnerability.
- Network Impact: Threat actors can exploit this weakness to escalate their system privileges and gain administrative control easily.
- Threat Context: Privilege escalation bugs are critical links in modern attack chains. Adversaries typically use them after gaining initial access, often through phishing, to gain total control of a machine, allowing them to turn off security software or deploy secondary payloads.

Mitigation Strategies and CISA Directives

CISA strictly requires Federal Civilian Executive Branch (FCEB) agencies to patch these vulnerabilities to comply with Binding Operational Directive (BOD) 22-01. Furthermore, CISA strongly encourages private sector security teams to prioritize these fixes to protect their infrastructure.

Network defenders must take the following actions immediately:

- Apply all available mitigations and security patches according to Microsoft’s official vendor instructions.
- Follow applicable BOD 22-01 guidance if these affected systems are hosted via third-party cloud services.
- Discontinue use of vulnerable products entirely if patches cannot be applied or alternative mitigations are unavailable.

System administrators should aggressively monitor their Microsoft Exchange and Windows environments for unusual activity, as these known exploited vulnerabilities represent a clear and present danger to enterprise security architectures.
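The patch deadline described above can be tracked per host. The following is an added example, not part of the original article: it matches KEV-style records against an asset inventory and reports unpatched hosts with the days remaining until the due date. Field names follow the KEV catalog's JSON feed; the product strings, host names and inventory are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the KEV JSON feed's field layout. The CVE IDs and dates
# are the ones this article reports; the product strings are illustrative.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-21529", "vendorProject": "Microsoft",
   "product": "Exchange Server", "dateAdded": "2026-04-13",
   "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-2023-36424", "vendorProject": "Microsoft",
   "product": "Windows", "dateAdded": "2026-04-13",
   "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Hypothetical inventory: host -> products it runs and CVEs already patched.
INVENTORY = {
    "mail01": {"products": {"Exchange Server", "Windows"},
               "patched": {"CVE-2023-36424"}},
    "ws-114": {"products": {"Windows"}, "patched": set()},
    "web02": {"products": {"Linux"}, "patched": set()},
}

def open_kev_findings(kev, inventory, today):
    """Return unpatched (host, CVE) pairs with days left until the KEV due date."""
    findings = []
    for vuln in kev["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        for host, asset in inventory.items():
            if vuln["product"] not in asset["products"]:
                continue  # host does not run the affected product
            if vuln["cveID"] in asset["patched"]:
                continue  # fix already applied on this host
            days_left = (due - today).days
            findings.append({
                "host": host, "cve": vuln["cveID"], "due": vuln["dueDate"],
                "days_left": days_left, "overdue": days_left < 0,
            })
    # Most urgent first; ties broken by host and CVE for stable output.
    return sorted(findings, key=lambda f: (f["days_left"], f["host"], f["cve"]))

if __name__ == "__main__":
    for f in open_kev_findings(KEV_SAMPLE, INVENTORY, date(2026, 4, 20)):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:8} {f['cve']}  due {f['due']}  {state}")
```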
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Apr 14, 2026
    Archived
    Apr 14, 2026