Security News > 2021 > April > Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes
Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software.
Of note, the U.S. National Security Agency released information on four critical Exchange Server vulnerabilities impacting versions released between 2013 and 2019.
"These vulnerabilities have been rated 'exploitation more likely' using Microsoft's Exploitability Index. Two of the four vulnerabilities are pre-authentication, meaning an attacker does not need to authenticate to the vulnerable Exchange server to exploit the flaw. With the intense interest in Exchange Server since last month, it is crucial that organizations apply these Exchange Server patches immediately," wrote Satnam Narang, staff research engineer with Tenable in commentary shared with Threatpost.
Troublesome given the ubiquitous nature of the Microsoft Office are four remote code execution vulnerabilities patched this month within the productivity suite.
Microsoft marks the vulnerability type as "Exploitation less likely," however, it's highly recommended to quickly patch and remediate any RCE vulnerabilities on systems, Goodman said: "Leaving latent vulnerabilities with RCE exploits can easily lead to a faster-spreading attack."
Microsoft's April Patch Tuesday update was complemented by Adobe's monthly slew of patches, which addressed 10 security bugs, seven of them critical.
News URL
https://threatpost.com/microsoft-april-patch-tuesday-zero-days/165393/
Related news
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Microsoft: Exchange Online mistakenly tags emails as malware (source)
- September 2024 Patch Tuesday forecast: Downgrade is the new exploit (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)