Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update)

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have published a joint security alert for multiple vulnerabilities against Zimbra Collaboration Suite (ZCS).

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days)

The Microsoft October 2022 Security Updates includes patches and advisories for 84 vulnerabilities, including 2 zero-day and 13 Critical severity issues. However, the ProxyNotShell vulnerabilities were not addressed.

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Microsoft has released a new security update for two Microsoft Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed “ProxyNotShell” under limited targeted attacks in the wild.