Microsoft emits more fixes for Exchange Server plus patches for remote-code exec holes in HTTP stack, Visual Studio
The Redmond-based firm's Office and Windows flagships house many of the identified vulnerabilities, alongside Internet Explorer, Visual Studio, Visual Studio Code, Skype, and other software.
Those who recall the slew of Exchange Server fixes in March and April may experience a sense of deja vu: May brings still more Exchange Server fixes, for Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9.
"More Exchange patches are expected as not everything disclosed at the contest has been addressed," he said.
The other two critical vulnerabilities - OLE Automation Remote Code Execution Vulnerability and Scripting Engine Memory Corruption Vulnerability - both involve luring a victim to a website to get remote code execution, said Childs.
SAP. SAP released 11 security notes, six addressing new issues and five related to previous patches.
The two Hot News runners-up managed only 9.9 severity - an update to an April 2021 patch addressing a remote code execution vulnerability in SAP Commerce and an update to a January 2021 patch addressing a code injection flaw in SAP Business Warehouse and SAP BW/4HANA. Among the newly disclosed entries, two of the three High Priority notes fix issues in SAP Business One.