Exchange Server Archives

Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated)

Cybersecurity Attacks, Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / March 8, 2021 / CVE-2021-26855, Cybersecurity, Cybersecurity Threat Center, Exchange, Exchange Server, Exploit, Microsoft, Vulnerabilities

Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019, collectively known as “ProxyLogon.” The tech giant also published interim mitigations if organizations can not patch immediately, as well as an IOC detection tool.

Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated) Read More »

Microsoft November 2020 Security Updates, zero-day patch for CVE-2020-17087

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 11, 2020 / Azure DevOps, Azure SDK, Azure Sphere, ChakraCore, Codecs Library, CVE-2020-17042, CVE-2020-17048, CVE-2020-17051, CVE-2020-17052, CVE-2020-17053, CVE-2020-17058, CVE-2020-17078, CVE-2020-17079, CVE-2020-17082, CVE-2020-17087, CVE-2020-17101, CVE-2020-17105, CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110, Exchange Server, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Office, Microsoft Teams, Microsoft Windows, Visual Studio, Windows Defender

Microsoft has released the November 2020 Security updates that includes patches for 112 vulnerabilities, 17 of them rated Critical. In addition, the tech giant fixed a zero-day Windows kernel vulnerability CVE-2020-17087 with known public exploits.

Microsoft November 2020 Security Updates, zero-day patch for CVE-2020-17087 Read More »

Microsoft October 2020 Security Updates and “Bad Neighbor” RCE fix (updated)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 16, 2020 / .NET, Adobe, codecs, CVE-2020-16898, CVE-2020-16951, CVE-2020-16952, CVE-2020-17022, CVE-2020-17023, Dynamics, Exchange Server, Flash Player, JET Database, Microsoft, Open Source, PowerSHell, Visual Studio, Windows

Microsoft has released the October 2020 Security updates that includes patches for 87 vulnerabilities, 11 of them rated Critical. The update also includes a patch for a Critical “Bad Neighbor” vulnerability and two out-of-band patches.

Microsoft October 2020 Security Updates and “Bad Neighbor” RCE fix (updated) Read More »

Microsoft September 2020 Security and Adobe Updates

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 9, 2020 / ASP.NET, Azure DevOps, ChakraCore, CVE-2020-0878, CVE-2020-0908, CVE-2020-0922, CVE-2020-0997, CVE-2020-1057, CVE-2020-1129, CVE-2020-1172, CVE-2020-1182, CVE-2020-1200, CVE-2020-1210, CVE-2020-1252, CVE-2020-1285, CVE-2020-1319, CVE-2020-1452, CVE-2020-1453, CVE-2020-1460, CVE-2020-1508, CVE-2020-1576, CVE-2020-1593, CVE-2020-1595, CVE-2020-16857, CVE-2020-16862, CVE-2020-16874, CVE-2020-16875, Edge, Exchange Server, Internet Explorer, Microsoft Dynamics, Microsoft JET Database Engine, Microsoft Office, OneDrive, SQL Server, Visual Studio, Windows

Microsoft has released the September 2020 Security updates that includes patches for 129 vulnerabilities, 24 of them rated Critical. Adobe also released updates for Experience Manager, Framemaker and InDesign.

Microsoft September 2020 Security and Adobe Updates Read More »

Microsoft February 2020 Security Updates (includes IE zero-day fix)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / February 11, 2020 / ChakraCore, CVE-2020-0674, Edge, Exchange Server, Microsoft, SQL Server, Surface, Surface Hub, Windows

Microsoft issued the February 2020 Security Updates that include 101 unique vulnerability fixes, 13 of those rated critical. The update also includes a patch for an IE zero-day scripting engine vulnerability CVE-2020-0674 disclosed in January.

Microsoft February 2020 Security Updates (includes IE zero-day fix) Read More »

Microsoft June 2019 Security Updates

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / June 12, 2019 / Adobe, Azure, Edge, Exchange Server, Microsoft, Office, Skype, Windows

Microsoft issued the June 2019 Security Updates that include 88 unique vulnerability fixes, 21 rated critical. Additional guidance was also published to mitigate Adobe vulnerabilities.

Microsoft June 2019 Security Updates Read More »

Microsoft April 2019 Security Updates, patches two 0-days

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 9, 2019 / ASP.NET, Azure DevOps Server, ChakraCore, CVE-2019-0803, CVE-2019-0859, Edge, Exchange Server, Office, Open Enclave SDK, Team Foundation Server, Windows

Microsoft issued the April 2019 Security Updates that include 74 unique vulnerability fixes, 16 of them rated critical and two zero-days that were being actively exploited.

Microsoft April 2019 Security Updates, patches two 0-days Read More »