Security News > 2022 > March > Microsoft patches critical remote-code-exec hole in Exchange Server and others
Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update.
Yes, an attacker needs to be authenticated, though Sophos Lab threat researcher Christopher Budd noted: "Given what we've seen recently around attacks against Exchange vulnerabilities, the critical severity rating and the nature of the vulnerability makes this an issue that should be patched as soon as possible."
SAP Security Note #3154684, which received a perfect 10.0 CVSS score, is one of these Log4j patches.
SAP Security Note #3145987, with a CVSS score of 9.3, patches a missing authentication vulnerability in the SAP Simple Diagnostics Agent.
The vendor said it will issue source code patches for these vulnerabilities to the Android Open Source Project repository in the next 48 hours.
The most severe Android flaw is a critical security vulnerability in the system component that could lead to remote escalation of privilege with no additional execution privileges or user interaction needed.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/09/microsoft_patch_tuesday/
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- Microsoft re-releases Exchange updates after fixing mail delivery (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)