
CISA Warns of Microsoft Exchange and Windows CLFS Vulnerabilities


Emy Elsamnoudy
April 14, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of two severe Microsoft vulnerabilities.

Table of Contents

  • Exchange Server Remote Code Execution
  • Windows CLFS Privilege Escalation
  • Mitigation Strategies and CISA Directives

On April 13, 2026, the agency officially added flaws affecting Microsoft Exchange Server and the Windows Common Log File System (CLFS) Driver to its Known Exploited Vulnerabilities (KEV) catalog.

According to CISA’s latest threat intelligence update, threat actors are actively exploiting both vulnerabilities in the wild.

While it remains unknown whether these specific flaws are being exploited in active ransomware campaigns, the agency mandates that federal entities apply available patches by April 27, 2026, and strongly urges private organizations to do the same.

Exchange Server Remote Code Execution

The first critical vulnerability, tracked as CVE-2023-21529, affects Microsoft Exchange Server. This security flaw stems from the deserialization of untrusted data (CWE-502).

  • Exploitation Mechanism: An authenticated attacker can manipulate how the Exchange server processes specific data to achieve remote code execution (RCE).
  • Network Impact: Successful exploitation allows adversaries to run arbitrary malicious code on the compromised server, potentially granting them deep, persistent access into corporate networks.
  • Threat Context: Exchange servers remain highly prized targets for cybercriminals. Because they store sensitive corporate communications and serve as gateways to internal network environments, patching CVE-2023-21529 should be treated as an immediate, high-priority task.

Windows CLFS Privilege Escalation

The second vulnerability, identified as CVE-2023-36424, is an out-of-bounds read flaw in the Microsoft Windows CLFS driver.

  • Exploitation Mechanism: The CLFS driver fails to properly validate the boundaries of the memory it reads, which allows a local attacker to trigger the vulnerability.
  • Network Impact: Threat actors can exploit this weakness to escalate their system privileges and gain administrative control easily.
  • Threat Context: Privilege escalation bugs are critical links in modern attack chains. Adversaries typically use them after gaining initial access, often through phishing, to gain total control of a machine, allowing them to turn off security software or deploy secondary payloads.

Mitigation Strategies and CISA Directives

CISA strictly requires Federal Civilian Executive Branch (FCEB) agencies to patch these vulnerabilities to comply with Binding Operational Directive (BOD) 22-01.

Furthermore, CISA strongly encourages private sector security teams to prioritize these fixes to protect their infrastructure.

Network defenders must take the following actions immediately:

  • Apply all available mitigations and security patches according to Microsoft’s official vendor instructions.
  • Follow applicable BOD 22-01 guidance if these affected systems are hosted via third-party cloud services.
  • Discontinue use of vulnerable products entirely if patches cannot be applied or alternative mitigations are unavailable.

System administrators should aggressively monitor their Microsoft Exchange and Windows environments for unusual activity, as these known exploited vulnerabilities represent a clear and present danger to enterprise security architectures.
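A deadline tracker for the two KEV entries above, as an added example that is not from the article or from CISA. It reads a constructed excerpt laid out with the KEV JSON feed's field names and a hypothetical asset inventory, then lists unpatched hosts by days left until the April 27, 2026 due date; the product strings, hostnames and the `triage` helper are assumptions.

```python
import json
from datetime import date

# Constructed excerpt in the KEV JSON feed's field layout. CVE IDs, dates, CWE
# and ransomware status come from the article; product strings are assumptions.
KEV_EXCERPT = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-21529", "vendorProject": "Microsoft",
   "product": "Exchange Server", "dateAdded": "2026-04-13",
   "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown",
   "cwes": ["CWE-502"]},
  {"cveID": "CVE-2023-36424", "vendorProject": "Microsoft",
   "product": "Windows", "dateAdded": "2026-04-13",
   "dueDate": "2026-04-27", "knownRansomwareCampaignUse": "Unknown",
   "cwes": []}
]}
""")

# Constructed inventory: each host lists the products it runs and the CVEs a
# patch scanner reports as already remediated there (hypothetical data).
INVENTORY = [
    {"host": "mail01", "products": ["Windows", "Exchange Server"], "patched": []},
    {"host": "mail02", "products": ["Windows", "Exchange Server"],
     "patched": ["CVE-2023-21529"]},
    {"host": "ws-114", "products": ["Windows"], "patched": []},
    {"host": "web03", "products": ["Linux"], "patched": []},
]

def triage(kev, inventory, today):
    """Return open (host, cve, days_left, status) rows, most urgent first."""
    rows = []
    for vuln in kev["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        days_left = (due - today).days
        status = "OVERDUE" if days_left < 0 else "DUE"
        for asset in inventory:
            if vuln["product"] not in asset["products"]:
                continue  # host does not run the affected product
            if vuln["cveID"] in asset["patched"]:
                continue  # already remediated on this host
            rows.append((asset["host"], vuln["cveID"], days_left, status))
    # Fewest days left first, then host and CVE for a stable report order.
    return sorted(rows, key=lambda r: (r[2], r[0], r[1]))

if __name__ == "__main__":
    for row in triage(KEV_EXCERPT, INVENTORY, date(2026, 4, 14)):
        print("%-8s %-15s %4d days  %s" % row)
```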
