Collaborate Disseminate
Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office for Informati… Continue reading 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesday,… Continue reading March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2… Continue reading Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email … Continue reading Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
Trend Micro’s Zero Day Initiative (ZDI) has disclosed four zero-day vulnerabilities in Microsoft Exchange. The security flaws could enable threat actors to run arbitrary code and disclose sensitive information on victims’ machines. According to ZDI, the critical vulnerabilities were reported to Microsoft in September 2023, with CVSS scores ranging from 7.1 to 7.5. Surprisingly, Microsoft’s…
The post Microsoft Exchange Vulnerabilities: Zero-Days Pave Way for Remote Code Execution appeared first on Petri IT Knowledgebase.
Continue reading Microsoft Exchange Vulnerabilities: Zero-Days Pave Way for Remote Code Execution
On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487). The exploited zero-days (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) CVE… Continue reading Microsoft fixes exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)
September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of … Continue reading Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802)
August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for which proof-of-exploit code exists. Other than the fact that a patch is availa… Continue reading August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ
Time is of the essence when it comes to recovery after Exchange Server failure or database corruption, as organizations depend on emails for their day-to-day business communication. The more the delay in restoring services and recovering data, the high… Continue reading Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusi… Continue reading June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange