Microsoft has released updates to address four previously unknown or ‘zero-day’ vulnerabilities in Exchange Server that were being used in limited targeted attacks, according to Microsoft. Microsoft is urging customers to apply the updates as soon as possible due to the critical rating of the flaws. The flaws affected Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Exchange Online is not affected. “We strongly encourage all Exchange Server customers to apply these updates immediately ,” it said. Privacy How to make privacy your company’s ‘killer app’ Personally identifiable information (PII): What it is, how it’s used, and how to protect it Data privacy and data security are not the same Cyber security 101: Protect your privacy from hackers, spies, and the government Microsoft attributes the attacks to a group it calls Hafnium, which it says is a state-sponsored threat actor that operates from China. SEE: Network security policy (TechRepublic Premium) The attackers used the bugs in on-premise Exchange servers to access email accounts of users. The four bugs are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Washington DC-based security firm Volexity said in its analysis that the vulnerability CVE-2021-26855 was being used to steal the full contents… Read full this story
- Microsoft Says Iran Tried Hack of U.S. Presidential Campaign
- (Update) Sloppy Near-Miss: Any Accumulating Slush Should Stay South of MSP Metro
- (Update) Sloppy Near-Miss: Any Accumulating Slush Stays South of MSP Metro
- Microsoft warns users to patch 'wormable' Windows flaw
- New election systems use vulnerable software
- Analysis: New election systems use vulnerable software
- NSA warns Microsoft users of cyber-attack risk
- Running Windows 10? Update it right now.
- WhatsApp tells users to update app after hack
- Tesla, GM hire hackers to make your connected car safer
Microsoft: These Exchange Server zero-day flaws are being used by hackers, so update now have 285 words, post on www.zdnet.com at March 3, 2021. This is cached page on IT Breaking News. If you want remove this page, please contact us.