Mail server

Microsoft discloses 85 vulnerabilities, no fixes for Exchange server bugs » Glamsham

New Delhi, Oct 12 (IANS) Microsoft disclosed 85 vulnerabilities in its products in its October security update, including one that was exploited in the wild and the other listed as publicly known.

Of the 85 new patches released, 15 are rated critical, 69 are rated important, and one is rated moderate in severity.

The publicly disclosed vulnerability is in Microsoft Office, which can put user tokens and other potentially sensitive information at risk.

“What may be more interesting is what is not included in this month’s release. There are no updates for Exchange Server, despite two actively exploited Exchange bugs for at least two weeks,” said Dustin Childs for Zero Day Initiative.

Microsoft revealed earlier this month that it was investigating two new zero-day vulnerabilities affecting the company’s Exchange server which is being actively exploited by hackers.

The company said an attacker would need authenticated access to the vulnerable Exchange server, such as stolen credentials, to successfully exploit either of the two vulnerabilities.

With no updates available to fully fix these bugs, the best IT administrators can do is ensure that the September 2021 security update is installed.

Last year, Microsoft released an emergency security update for its Exchange messaging and communications software, as at least 30,000 organizations across the United States were affected by hackers who stole communications via email from their systems.

The next Microsoft Patch Tuesday falls on November 8.

–IANS

n / A/