Security News > 2022 > October > Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server.
To that end, the tech giant has revised the blocking rule in IIS Manager from ".
The list of updated steps to add the URL Rewrite rule is below -.
In the Actions pane on the right-hand side, click Add Rule(s).
Successful weaponization of the flaws could enable an authenticated attacker to chain the two vulnerabilities to achieve remote code execution on the underlying server.
The tech giant, last week, acknowledged that the shortcomings may have been abused by a single state-sponsored threat actor since August 2022 in limited targeted attacks aimed at less than 10 organizations worldwide.
News URL
https://thehackernews.com/2022/10/microsoft-issues-improved-mitigations.html
Related news
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)