Security News > 2022 > November > Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!
Unlike ProxyShell, the new bugs weren't directly exploitable by anyone with an internet connection and a misguided sense of cybersecurity adventure.
We therefore assumed, probably in common with most Naked Security readers, that the patches would arrive calmly and unhurriedly as part of the October 2022 Patch Tuesday, still more than two weeks away.
Patch Tuesday in brief - one 0-day fixed, but no patches for Exchange!
We're guessing that these fixes weren't part of the regular Patch Tuesday mechanism because they aren't what Microsoft refer to as CUs, short for cumulative updates.
Those old Exchange bugs weren't the only zero-days patched on Patch Tuesday.
The regular Windows Patch Tuesday updates deal with a further 62 security holes, four of which are bugs that unknown attackers found first, and are already exploiting for undisclosed purposes, or zero-days for short.
News URL
Related news
- Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast (source)
- Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- March Patch Tuesday sees Hyper-V join the guest-host escape club (source)
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)