Exploits and vulnerabilities in Q2 2024
The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024. Continue reading Exploits and vulnerabilities in Q2 2024
Category Archives: Microsoft Exchange
Cybersecurity in the SMB space — a growing threat
Kaspersky analysts explain which applications are targeted the most, and how enterprises can protect themselves from phishing and spam. Continue reading Cybersecurity in the SMB space — a growing threat
Microsoft Announces Big Changes for On-Premises Exchange Server
This Week in IT, I cover everything you need to know about Microsoft’s new edition of Exchange Server, which is due to launch in 2025. Exchange Server will follow a similar path to on-premises SharePoint and the new edition will also bring with it some… Continue reading Microsoft Announces Big Changes for On-Premises Exchange Server
Exploits and vulnerabilities in Q1 2024
The report provides vulnerability and exploit statistics, key trends, and analysis of interesting vulnerabilities discovered in Q1 2024. Continue reading Exploits and vulnerabilities in Q1 2024
17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office for Informati… Continue reading 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesday,… Continue reading March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2… Continue reading Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email … Continue reading Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
Microsoft Exchange Vulnerabilities: Zero-Days Pave Way for Remote Code Execution
Trend Micro’s Zero Day Initiative (ZDI) has disclosed four zero-day vulnerabilities in Microsoft Exchange. The security flaws could enable threat actors to run arbitrary code and disclose sensitive information on victims’ machines. According to ZDI, the critical vulnerabilities were reported to Microsoft in September 2023, with CVSS scores ranging from 7.1 to 7.5. Surprisingly, Microsoft’s…
The post Microsoft Exchange Vulnerabilities: Zero-Days Pave Way for Remote Code Execution appeared first on Petri IT Knowledgebase.
Continue reading Microsoft Exchange Vulnerabilities: Zero-Days Pave Way for Remote Code Execution
Microsoft fixes exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)
On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487). The exploited zero-days (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) CVE… Continue reading Microsoft fixes exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)