Patches for 6 zero-days under active exploit are now available from Microsoft


The phrase Zero Day can be spotted on a monochrome computer screen clogged with ones and zeros.

reader comments
11 with 11 posters participating

It’s the second Tuesday of the month, and that means it’s Update Tuesday, the monthly release of security patches available for nearly all software Microsoft supports. This time around, the software maker has fixed six zero-days under active exploit in the wild, along with a wide range of other vulnerabilities that pose a threat to end users.

Two of the zero-days are high-severity vulnerabilities in Exchange that, when used together, allow hackers to execute malicious code on servers. Tracked as CVE-2022-41040 and CVE-2022-41082, these vulnerabilities came to light in September. At the time, researchers in Vietnam reported they had been used to infect on-premises Exchange servers with web shells, the text-based interfaces that allow people to remotely execute commands.

Better known as ProxyNotShell, the vulnerabilities affect on-premises Exchange servers. Shodan searches at the time the zero-days became publicly known showed roughly 220,000 servers were vulnerable. Microsoft said in early October that it was aware of only a single threat actor exploiting the vulnerabilities and that the actor had targeted fewer than 10 organizations. The threat actor is fluent in Simplified Chinese, suggesting it has a nexus to China.

discovered the bypass technique in July.

In all, this month’s Update Tuesday fixed a total of 68 vulnerabilities. Microsoft gave a “critical” severity rating to 11 of them, with the remainder carrying the rating “important.” Patches generally install automatically within about 24 hours. Those who want to install updates immediately can go to Windows > Settings > Updates and Security > Windows Update. Microsoft’s full rundown is here.

Article Tags:
Article Categories:
Technology