Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. Microsoft quickly published official guidance about these vulnerabilities, summarising the situation as follows: More precisely, two zero-days that can apparently be chained together, with the first bug used remotely to open enough of a hole to trigger the second bug, which potentially allows remote code execution (RCE) on the Exchange server itself. …and along comes a brand new zero-day hole in Microsoft Exchange!
Just when you hoped the week would quieten down and yield you some SecOps downtime over the weekend…
0 kommentar(er)
