Security News > 2021 > March > Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks
Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines.
Among those five security issues are a clutch of vulnerabilities known as ProxyLogon that allows adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access.
In the wake of Exchange servers coming under indiscriminate assault toward the end of February by multiple threat groups looking to exploit the vulnerabilities and plant backdoors on corporate networks, Microsoft took the unusual step of releasing out-of-band fixes a week earlier than planned.
The ramping up of mass exploitation after Microsoft released its updates on March 2 has led the company to deploy another series of security updates targeting older and unsupported cumulative updates that are vulnerable to ProxyLogon attacks.
Aside from these actively exploited vulnerabilities, the update also corrects a number of remote code execution flaws in Windows DNS Server, Hyper-V server, SharePoint Server, and Azure Sphere.
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.
News URL
Related news
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)