Security News > 2022 > October > Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!
Two weeks ago we reported on two zero-days in Microsoft Exchange that had been reported to Microsoft three weeks before that by a Vietnamese company that claimed to have stumbled across the bugs on an incident response engagement on a customer's network.
One day ago [2022-10-11] was the latest Patch Tuesday.
This month's Microsoft patches cover 52 different parts of the Microsoft ecosystem, including several we'd never even heard of before.
There's still no fix for the E00F bugs, a week after we followed up on our article from a week before that about an initial report three weeks before that.
In other words, if you still have your own on-premises Exchange server, even if you're only running it as part of an active migration to Exchange Online, this month's Patch Tuesday hasn't brought you any Exchange relief, so make sure you are up-to-date with Microsoft's latest product mitigations, and that you know what detection and threat classification strings your cybersecurity vendor is using to warn you of potential ProxyNotShell/E00F attackers probing your network.
We're not aware of actual attacks using this bug, but information about how to abuse it was apparently known to potential attackers before the patch appeared.
News URL
Related news
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
- Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)