Microsoft, Feds Urge Admins to Implement Patches, Including Four for More Exchange Flaws Discovered by NSA
FBI accessed hundreds of computers to remove Exchange web shells, Firm that unlocked San Bernardino shooter's iPhone for the FBI is now revealed, Sweden accuses Russia of hacking sports org, much more
Don’t miss out on the breaking news throughout the day. Follow Metacurity on Twitter to stay up-to-speed.
Microsoft released security updates to plug at least 110 security holes in Windows and other products, including fixes for Microsoft Exchange Server, which has been beset by zero-day bugs in the email software. Also patched was a vulnerability in Windows (CVE-2021-28310) which has been exploited in active attacks already. The flaw allows an attacker to elevate their privileges on a target system. Nineteen of the patched bugs earned the most serious “Critical” label.
The updates further fix four more flaws in Exchange Server versions 2013-2019 (CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483) discovered by the National Security Agency, although Microsoft said it found two of the bugs internally. Both Microsoft and DHS’s Cybersecurity and Infrastructure Security Agency are urging admins to apply the patches as soon as possible to mitigate the newly discovered flaws.
Se…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.