Security News > 2022 > November > Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
Unlike ProxyShell, the new bugs weren't directly exploitable by anyone with an internet connection and a misguided sense of cybersecurity adventure.
We therefore assumed, probably in common with most Naked Security readers, that the patches would arrive calmly and unhurriedly as part of the October 2022 Patch Tuesday, still more than two weeks away.
Patch Tuesday in brief - one 0-day fixed, but no patches for Exchange!
We're guessing that these fixes weren't part of the regular Patch Tuesday mechanism because they aren't what Microsoft refer to as CUs, short for cumulative updates.
Those old Exchange bugs weren't the only zero-days patched on Patch Tuesday.
The regular Windows Patch Tuesday updates deal with a further 62 security holes, four of which are bugs that unknown attackers found first, and are already exploiting for undisclosed purposes, or zero-days for short.
News URL
Related news
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)