Exchange Server

Patch Tuesday November 2021 – Microsoft Patches Windows RDP Zero-Day and Exchange RCE

by Russell Smith

Patch Tuesday in November 2021 sees Microsoft release patches to address 55 CVEs, including fixes for 6 zero-day bugs. There are updates for products including Windows, Windows Server, Office, Exchange Server, Active Directory, Microsoft Dynamics, Hyper-V, and Azure Real Time Operating System (RTOS), which is ThreadX RTOS, an embedded real-time operating system that Microsoft purchased… Read More

Patch Tuesday October 2021 – Microsoft Fixes Windows Kernel Zero-Day and Critical Bug in Exchange Server

by Russell Smith

This month's Patch Tuesday for includes a cumulative update (CU) for Windows 11, which was made generally available October 4th. In total Microsoft released patches addressing 71 CVEs in Windows, Edge, Exchange Server, .NET Core, SharePoint Server, and many other products. Two of the CVEs patched this month are rated Critical, and 68 Important. And… Read More

Patch Microsoft Exchange Servers Now to Stop LockFile Ransomware

by Russell Smith

The LockFile ransomware group has been actively launching attacks against Microsoft Exchange Servers, exploiting three vulnerabilities that were patched by Microsoft in April and May this year. Known as the Exchange Server ProxyShell vulnerabilities, the LockFile group uses them, in conjunction with the Windows PetitPotam vulnerabilities that were partially patched in the round of updates… Read More

Patch Tuesday – March 2021

by Russell Smith

Microsoft released patches to fix 82 security bugs in Windows and other software this month. There are critical bugs in IE, Exchange Server, and Windows Server DNS. Windows and Windows Server Windows gets two patches for critical remote code execution (RCE) flaws. CVE-2021-26876 is a vulnerability in OpenType font parsing and CVE-2021-26867 is a flaw… Read More

Patch Tuesday – February 2021

by Russell Smith

Microsoft has released a relatively small number of fixes this month, in total just 56. But they include patches for a zero-day flaw in the Win32k component and some serious TCP/IP networking stack vulnerabilities. Windows and Windows Server February's cumulative update (CU) for Windows 10 comes with a patch for a zero-day Elevation of Privilege… Read More

Patch Tuesday – October 2020

by Russell Smith

This month Microsoft patches a serious remote code execution (RCE) in Windows that could be easily wormable and Outlook gets a patch for a bug that could let an attacker run arbitrary code on affected systems. And after a break of a few months, Adobe releases a security update for Flash Player.