Microsoft's October Security Patch Missing Zero-Day Exchange Fix



  • By Chris Paoli

  • 10/11/2022


    This month's Microsoft security update, which comes packed with 85 flaw fixes, is notable for what's not included – a fix for last month's publicly disclosed Exchange vulnerabilities, known as "NotProxyShell."


    In a blog post highlighting the Exchange Server flaw fixes that are included, Microsoft acknowledged that fixes for the two vulnerabilities that are being actively exploited did not make it in time for this month's security update. "We will release updates for CVE-2022-41040 and CVE-2022-41082 when they are ready," wrote Microsoft in the post.


    In the meantime, Microsoft recommends that Exchange Server users implement its mitigation advice, which includes blocking specific attack patterns associated with the vulnerability, and reiterates that no further action is needed for Exchange Online users.


    Further, Microsoft's August security update brought support for the Windows Extended Protection (EP) feature in Exchange Server, "which can help you protect your environments from authentication relay or 'man in the middle' (MitM) attacks," wrote Microsoft.

    As for what is included with this month's security patch update, October's big-ticket items in ..
