Metacurity

Share this post

Microsoft Delayed Patches for Exchange Flaws by Two Months

metacurity.substack.com

Microsoft Delayed Patches for Exchange Flaws by Two Months

A Chinese threat actor could have been targeting SolarWinds' Orion servers, McAfee sells enterprise security unit for $4 billion, PayPal buys cryptocurrency security start-up Curv for reported $200M

Cynthia Brumfield
Mar 9, 2021
∙ Paid
Share
Share this post

Microsoft Delayed Patches for Exchange Flaws by Two Months

metacurity.substack.com

Microsoft was notified in early January by a principal security researcher for security testing firm DEVCORE who goes by the handle “Orange Tsai and then a day later by cybersecurity firm Volexity of the flaws in their Exchange servers that allowed a powerful backdoor Trojan to infect potentially hundreds of thousands of systems.

Microsoft didn’t issue patches until two months later, on March 2, for four flaws in Exchange Server 2013 through 2019, meaning the vulnerabilities that the attackers exploited had been in the code base for at least ten years. (Brian Krebs / Krebs on Security)

Related:Silicon.co.uk, CERT Recently Published Vulnerability Notes, The Record by Recorded Future, Data Protection Center, Secureworks, ZDNet Security, Computerworld Security, IT Pro, The Verge, Cybereason Blog, PR Newswire, Cymulate Blog, TechJuice, SlashGear » security, Digital Journal, NewsBytes App, Tech Insider, Alphr, SC Magazine, TechTarget, Verdict, Computerworld, InsideDefense.com, IT Pro, Window…

Keep reading with a 7-day free trial

Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
Previous
Next
© 2023 DCT Associates
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing