A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft exchange server 2010 |
||
microsoft exchange server 2013 |
||
microsoft exchange server 2016 |
||
microsoft exchange server 2019 |
This month the vendor has patched 99 vulnerabilities, 13 of which are rated Critical.
Posted: 12 Feb, 202024 Min ReadThreat Intelligence SubscribeMicrosoft Patch Tuesday – February 2020This month the vendor has patched 99 vulnerabilities, 13 of which are rated Critical.This month the vendor has patched 99 vulnerabilities, 13 of which are rated Critical. As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required...
Claims Russia's FSB was poking around an Eastern European ministry
While enterprises stagger under sustained ransomware attacks, Android users are increasingly being targeted by banking malware, with Slovakian infosec firm ESET reckoning it had seen a 159 per cent increase in such malicious software over the last few months. Even though banking malware aimed at users of the Google mobile OS sharply increased in popularity overall mobile threat detections on the Google-owned operating system declined by 18.8 per cent quarter-on-quarter, said ESET. “Android Ban...
Beijing's snoops don't even need zero-days to break into valuable networks
The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses. Yes, this sounds like something from the Department of the Bleeding Obvious – spies do spying on all sides, and all that – but what's interesting in this latest warning is the roll call of vulnerable products being targeted. In a joint statement, the FBI and Homeland Security's Cybersecurity and Inf...
Don't be so smug, Mac users, you're open to an InDesign project file
A nightmare flaw for Exchange Server headlines this month's Patch Tuesday lineup from Microsoft and others. September sees a bundle of 129 CVE-listed flaws patched by Microsoft. The vast majority of those, 105 in total, are classified as 'important' risks. Another 23 are considered critical bugs, and one is listed as moderate. None of the bugs have public exploit code or in-the-wild attacks yet. Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says that far and away ...
For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of. This is our latest installment, focus...
Meanwhile, we're still squashing bugs in Adobe Flash Player... plus stuff from Intel and SAP
Patch Tuesday It's going to be a busy month for IT administrators as Microsoft, Intel, Adobe, and SAP have teamed up to deliver a bumper crop of security fixes for Patch Tuesday. Microsoft had one of its largest patch bundles in recent memory, as the Windows giant released fixes for 99 CVE-listed vulnerabilities. These included CVE-2020-0674, a remote code execution flaw in Internet Explorer's Trident rendering engine that is already being exploited in the wild. This hole would typically be expl...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Malicious cyber actors go after 2021's biggest misses, spend less time on the classics
Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021 , according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies. It's worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years' lists often found miscreants exploiting the older vulns for which patches had been available for years. Of course, the US Cyb...