Microsoft Delayed Patches for Exchange Flaws by Two Months

A Chinese threat actor could have been targeting SolarWinds' Orion servers, McAfee sells enterprise security unit for $4 billion, PayPal buys cryptocurrency security start-up Curv for reported $200M

Microsoft was notified in early January by a principal security researcher for security testing firm DEVCORE who goes by the handle “Orange Tsai and then a day later by cybersecurity firm Volexity of the flaws in their Exchange servers that allowed a powerful backdoor Trojan to infect potentially hundreds of thousands of systems.

Microsoft didn’t issue patches until two months later, on March 2, for four flaws in Exchange Server 2013 through 2019, meaning the vulnerabilities that the attackers exploited had been in the code base for at least ten years. (Brian Krebs / Krebs on Security)

Related:Silicon.co.uk, CERT Recently Published Vulnerability Notes, The Record by Recorded Future, Data Protection Center, Secureworks, ZDNet Security, Computerworld Security, IT Pro, The Verge, Cybereason Blog, PR Newswire, Cymulate Blog, TechJuice, SlashGear » security, Digital Journal, NewsBytes App, Tech Insider, Alphr, SC Magazine, TechTarget, Verdict, Computerworld, InsideDefense.com, IT Pro, Window…