Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet
Microsoft has fast-tracked two patches for vulnerabilities impacting Microsoft Exchange Servers. The vulnerabilities have been reported as zero-days. While Microsoft works on developing a patch, businesses should be on alert for attacks targeting these vulnerabilities. Last Friday, Microsoft confirmed that it had identified limited, targeted attacks. The bugs can be chained together to gain initial access and take over the email system.
According to Microsoft, the flaws affect on-premises versions of Microsoft Exchange Server 2013, 2016, and 2018. The impacted servers are also internet-facing, the tech giant says. Security researchers at Rapid7 have stated that customers running Exchange hybrid servers with Outlook Web Access (OWA) are also at risk.