My TechDecisions

IT Infrastructure, Network Security, News

Microsoft Issues Fixes For 108 Vulnerabilities, Including Four In Exchange Server

Microsoft’s monthly Patch Tuesday release for April includes fixes for four vulnerabilities in Exchange Server discovered by the NSA.

Leave a Comment

Microsoft January Patch Tuesday
wolterke/stock.adobe.com

Microsoft’s monthly Patch Tuesday release for April includes fixes for a myriad of vulnerabilities, including four in Exchange Server discovered by the U.S. National Security Agency.

According to the software giant’s Security Response Center, the updates include over 100 vulnerabilities that fix things ranging from Exchange Server vulnerabilities to flaws in Microsoft Office products, Microsoft Edge and Azure.

“Recent events have shown, security hygiene and patch management are more important than ever as the industry works to protect from both sophisticated and common cybercriminal activity,” the company said in a blog post on the updates.

Now that the vulnerabilities – many of which classified as critical – are publicly disclosed, customers need to update immediately as attackers will shift their efforts to exploit these recently disclosed flaws before organizations and users can apply the necessary updates.

According to Bleeping Computer, five are zero-day vulnerabilities, and 19 are classified as Critical and 89 are classified as Important.

According to Microsoft, the four new Exchange Server vulnerabilities discovered by the NSA are remote code execution flaws that were assigned a CVSS score of 9.8.

The company says it has not seen the vulnerabilities exploited against its customers, but given “recent adversary focus on Exchange,” customers should install the updates immediately.

Customers using Exchange Online are already protected and do not need to take any action, Microsoft says.

Indeed, attacks on Exchange Server have been a focus on cyber actors of late, including by a nation-state hacking group in China that Microsoft calls Hafnium. The company issued emergency patches early last month to patch four zero-day vulnerabilities that were being exploited to steal information from targeted victims.

Once those vulnerabilities were disclosed, other hacking groups began to exploit them and establish a presence on customer networks before organizations could apply the patches.

For more information on the updates and disclosed vulnerabilities, visit Microsoft’s Security Update Guide.

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Four IT Trends That Will Define 2023
Expert Series: Four IT Trends That Will Define 2023

Learn about four key technologies we identified as critical to your IT organization’s success in 2023, as well as how to invest in new innovations ...

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ