Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources And for bonus points, there's a Windows flaw under active exploit
Patch Tuesday Microsoft fixed more than 80 security flaws in its products for October's Patch Tuesday. But let's start off with what Redmond didn't fix: two Exchange Server bugs dubbed ProxyNotShell that have been exploited by snoops as far back as August. CVE-2022-41040 is a server-side request forgery vulnerability while CVE-2022-41082 is a remote code execution (RCE) bug. Both can be exploited together to run PowerShell commands on a vulnerable system and take control of it. Vietnamese cybers...