Microsoft discloses 85 vulnerabilities, no fixes for Exchange Server bugs


New Delhi, Oct 12 (IANS): Microsoft has disclosed 85 vulnerabilities across its products in its October security update, including one that has been exploited in the wild and the other listed as publicly known.

Of the 85 new patches released, 15 are rated critical, 69 are rated important and one is rated moderate in severity.

The publicly disclosed vulnerability is in Microsoft Office which can put user tokens and other potentially sensitive information at risk.

"What may be more interesting is what isn't included in this month's release. There are no updates for Exchange Server, despite two Exchange bugs being actively exploited for at least two weeks," said Dustin Childs for the Zero Day Initiative.

Microsoft revealed earlier this month that it was investigating two new zero-day vulnerabilities affecting the company's Exchange Server which is actively being exploited by hackers.

The company said an attacker would need authenticated access to the vulnerable Exchange Server, such as stolen credentials, to successfully exploit either of the two vulnerabilities.

With no updates available to fully address these bugs, the best IT administrators can do is ensure the September 2021 security update is installed.

Last year, Microsoft released an emergency security update for its Exchange email and communications software as at least 30,000 organisations across the US were hit by hackers who stole email communications from their systems.

The next Microsoft Patch Tuesday falls on November 8.

 

  

Top Stories


Leave a Comment

Title: Microsoft discloses 85 vulnerabilities, no fixes for Exchange Server bugs



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.