Security News

Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. A successful exploitation of the flaws allows the adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access.

Microsoft Edge Legacy has officially reached the end of life today, and starting tomorrow, the web browser will begin displaying notifications telling users to switch to the new Chromium-based Microsoft Edge. "This version of Microsoft Edge is no longer supported or receiving security updates. Download the new version of Microsoft Edge today."

Microsoft has released its regularly scheduled March Patch Tuesday updates, which address 89 security vulnerabilities overall. Included in the slew are 14 critical flaws and 75 important-severity flaws.

A week after Microsoft warned that four zero-day flaws and three others in its Exchange Server were being actively exploited and issued out-of-band remediation, the cloudy Windows biz has delivered software fixes to address 82 other vulnerabilities as part of its monthly Patch Tuesday ritual. Microsoft says two of these vulnerabilities are publicly known and five are under active exploitation.

Patches for four actively exploited Exchange Server vulnerabilities have already been delivered with the updates for supported versions released last week. Among the vulnerabilities patched by Microsoft on this March 2021 Patch Tuesday are several deserving extra attention.

It's raining patches in the Microsoft Windows ecosystem. Software giant on Tuesday dropped a mega-batch of security updates with patches for a whopping 89 documented vulnerabilities, including one used in zero-day attacks against some in the white-hat hacker community.

Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today. With today's update, Microsoft has fixed 82 vulnerabilities, with 10 classified as Critical and 72 as Important.

Attackers can abuse a wide range of Window legitimate tools, including but not limited to Microsoft Defender, Windows Update, and even the Windows Finger command. While being legitimately used by thousands of admins each day for managing their organizations' Azure fleets, their capabilities can also be used for malicious purposes, including circumventing network defense lines.

The European Banking Authority has confirmed it is another victim on the list of organisations affected by vulnerabilities in Microsoft Exchange. The EBA hurriedly pulled its email servers offline over the weekend as it realised that it was among the ranks of those hit by flaws in Microsoft Exchange being targeted by miscreants.

Microsoft has released security updates for Microsoft Exchange servers running unsupported Cumulative Update versions vulnerable to ProxyLogon attacks. These additional security updates are meant to be installed only on machines running Exchange Server versions not supported by the original Match 2021 security patches released a week ago, only if the admin can't find an update path to a supported version.