Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.
In June, Microsoft patched a vulnerability in MSDT dubbed “Follina” that had been used in active attacks for at least three months prior. This latest MSDT bug — CVE-2022-34713 — is a remote code execution flaw that requires convincing a target to open a booby-trapped file, such as an Office document. Microsoft this month also issued a different patch for another MSDT flaw, tagged as CVE-2022-35743.
The publicly disclosed Exchange flaw is CVE-2022-30134, which is an information disclosure weakness. Microsoft also released fixes for three other Exchange flaws that rated a “critical” label, meaning they could be exploited remotely to compromise the system and with no help from users. Microsoft says addressing some of the Exchange vulnerabilities fixed this month requires administrators to enable Windows Extended protection on Exchange Servers. See Microsoft’s blog post on the Exchange Server updates for more details.
“If your org ..
Support the originator by clicking the read the rest link below.
