Microsoft Fixes Exchange Server Zero-Day in May Patch Tuesday


Microsoft fixed 55 vulnerabilities yesterday, including three zero-days not thought to have been exploited in the wild, one of which affected the under-fire Exchange Server.



This month’s Patch Tuesday is lighter than many have been in recent months, but there were four critical CVEs for admins to address, alongside the three publicly disclosed bugs.



Top of the priority list should be CVE-2021-31207, which was discovered as part of this year’s Pwn2Own competition, according to Ivanti senior director of product management, Chris Goettl.



“Microsoft Exchange admins have had a rough stretch in the past few months, starting with the zero-day exploits targeted by Hafnium, followed by the April Exchange update resolving four NSA-discovered vulnerabilities,” he said.



“CVE-2021-31207 is only rated as moderate, but the security feature bypass exploit was showcased prominently in the Pwn2Own contest and at some point details of the exploit will be published. At that point threat actors will be able to take advantage of the vulnerability if they have not already begun attempting to reverse engineer an exploit.”



The other two zero-days fixed by Microsoft this month are CVE-2021-31200, a remote code execution (RCE) vulnerability in Common Utilities, and CVE-2021-31204 which is an elevation of privilege fl ..
