Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks

Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines.

Of these flaws, 14 are listed as Critical, and 75 are listed as Important in severity, out of which two of the bugs are described as publicly known, while five others have been reported as under active attack at the time of release.

Among those five security issues are a clutch of vulnerabilities known as ProxyLogon (CVE-2021-26855, 2021-26857, CVE-2021-26858, and CVE-2021-27065) that allows adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access.

But in the wake of Exchange servers coming under indiscriminate assault toward the end of February by multiple threat groups looking to exploit the vulnerabilities and plant backdoors on corporate networks, Microsoft took the unusual step of releasing out-of-band fixes a week earlier than planned.

The ramping up of mass exploitation after Microsoft released its…

http://feedproxy.google.com/~r/TheHackersNews/~3/I06Iy2sRjEU/microsoft-issues-security-patches-for.html

Leave a Reply