ProxyNotShell, OWASSRF, TabShell: Patch Your Microsoft Exchange Servers Now
Several flaws in Microsoft Exchange Server disclosed over the last two years continue to be valuable exploits for attackers as part of ransomware and targeted attacks against organizations that have yet to patch their systems. Patching the flaws outlined below is strongly recommended....
Microsoft’s January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)
Microsoft addresses 98 CVEs including a zero-day vulnerability that was exploited in the wild....
CVE-2022-37958: FAQ for Critical Microsoft SPNEGO NEGOEX Vulnerability
Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Organizations are urged to apply these patches as soon as possible....
Microsoft’s December 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-44698)
Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710)....
Microsoft’s November 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-41073)
Microsoft addresses 62 CVEs including four zero-day vulnerabilities that were exploited in the wild....
Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)
Microsoft addresses 84 CVEs in its October 2022 Patch Tuesday release, including 13 critical flaws....
CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access....
CVE-2022-41040 and CVE-2022-41082: ProxyShell Variant Exploited in the Wild
Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available....
Microsoft’s September 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-37969)
Microsoft addresses 62 CVEs in its September 2022 Patch Tuesday release, including five critical flaws....
Microsoft’s August 2022 Patch Tuesday Addresses 118 CVEs (CVE-2022-34713)
Microsoft addresses 118 CVEs in its August 2022 Patch Tuesday release, including 17 critical flaws....
Microsoft’s July 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-22047)
Microsoft addresses 84 CVEs in its July 2022 Patch Tuesday release, including four critical flaws and one zero day that has been exploited in the wild....
Microsoft’s June 2022 Patch Tuesday Addresses 55 CVEs (CVE-2022-30190)
Microsoft addresses 55 CVEs in its June 2022 Patch Tuesday release, including three critical flaws....