From Microsoft: Exchange Server zero-day flaws are actively being used by hackers, patch now

Adam Stahl

"The man who moves a mountain begins by carrying away small stones." —Confucius.

Follow
Good afternoon,

I know this is a bit off-center based on the forum (so if too far astray, please feel free to remove) but I know there are business owners, executives, mangers, etc. on IMPACT+ and their businesses more than likely use email in some capacity.

www.zdnet.com

The four zero-day vulnerabilities being exploited in the wild are considered critical and affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Currently, it reportedly does not impact Exchange Online.

A "zero-day" bug/vulnerability is a security flaw in hardware/software that is attacked by a (typically malicious) entity before the makers of that hardware/software have defenses in place for it. The hardware/software maker then releases a patch that would need to be applied to defend that issue/weakness/gap being attacked.

Microsoft has released updates to address these zero-day flaws and is urging customer using one of those Exchange Server versions to apply these  patches/updates as soon as possible.

More information can be found here from the Microsoft Security Response Center - msrc-blog.microsoft.com
1 1
2 Comments
User Profile

Log in to leave a comment or

Connor DeLaney
Great share, Adam Stahl ! I wouldn't say this is off base at all, I think it's extremely valuable to share. All of your insight here is really valuable! 
Love  •  
1 1
Adam Stahl
More information on tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and mitigation guidance from the United States Cybersecurity & Infrastructure Security Agency (US-CISA) can be found here --> us-cert.cisa.gov
Love  •  
1 1