Here are a couple of examples from the recent cyber-tech press of examples of software vulnerabilities that need patching… Promptly! Microsoft releases Exchange hotfixes for security update issues – BleepingComputer ArcaneDoor hackers exploit Cisco zero-days to breach govt networks – BleepingComputer The first illustrates that management is needed as not …
More pain for Microsoft and something free for you
Hot on the heels of “New Outlook – Surveillance in the name of profit” comes a report from the US Government’s Homeland Security on how Microsoft handled the 2023 Exchange Online cyber attack. Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (bleepingcomputer.com) Whatever Microsoft says about …
Continue reading “More pain for Microsoft and something free for you”
December’s Microsoft Patch Tuesday
SANS Internet Storm Diary has a comprehensive report on Microsoft’s Patch Tuesday: Microsoft December 2022 Patch Tuesday – SANS Internet Storm Center Here is the Microsoft release page: December 2022 Security Updates – Release Notes – Security Update Guide – Microsoft The Microsoft report gives much more information on the …
Yesterday was Patch Tuesday for Microsoft
So, everyone knows what that means, for the users, slow internet connections as we all gather in those vital updates, for the administrators, checking what needs to be done and checking that it has happened – including checking that the users have not skipped the updates because they are too …
Continue reading “Yesterday was Patch Tuesday for Microsoft”
In-house Microsoft Exchange zero-day attack mitigation is not enough
It appears the mitigation that Microsoft has published for the vulnerabilities CVE-2022-41040 and CVE-2022-41082 is not enough: Microsoft Exchange server zero-day mitigation can be bypassed (bleepingcomputer.com) These vulnerabilities are being actively exploited and now the steps put in place to defend against the issue can be bypassed and others are …
Continue reading “In-house Microsoft Exchange zero-day attack mitigation is not enough”
CISA issues security advisories across a range of popular products
It has been a busy couple of days at the US Cybersecurity and Infrastructure Security Agency as they issue a range of security advisories: Drupal Releases Security Update | CISA Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server | CISA Cisco Releases Security Updates for Multiple Products | …
Continue reading “CISA issues security advisories across a range of popular products”
CISA adds three vulnerabilities to the Known Exploited Vulnerabilities Catalog
The US Cybersecurity and Infrastructure Security Agency has added three known exploits to its Known Exploited Vulnerabilities Catalog – this list should be seen as a “Must Patch Now” list. Two of the exploits are for Microsoft Exchange are being actively exploited: CISA Adds Three Known Exploited Vulnerabilities to Catalog …
Continue reading “CISA adds three vulnerabilities to the Known Exploited Vulnerabilities Catalog”