قالب وردپرس درنا توس
Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Technology https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Microsoft has zero-day vulnerabilities in IE and Exchange

Microsoft has zero-day vulnerabilities in IE and Exchange



  Microsoft logo displayed on the Microsoft booth at a trade show.

Getty Images | Justin Sullivan

Microsoft's patch on Tuesday this month has been higher than usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploitation and an Exchange flaw Server that was disclosed last month with a proof-of-concept code. [1

9659004] The vulnerability of IE, said Microsoft, allows attackers to test whether one or more files are stored on disks of weak PCs. The attackers must first lead to targets on a malicious site. Microsoft, without elaborating, has said that recognizing active exploits against vulnerability, which has been indexed as CVE-2019-0676 and affects IE version 10 or 11 running on all supported versions of Windows. The flaw was discovered by members of the Google Zero Project vulnerability research project.

Microsoft has a patched Exchange against a vulnerability that allows remote attackers with fewer than an unparalleled mailbox account to gain administrative control over the server. Dialed PrivExchange, CVE-2019-0686 was publicly disclosed last month, with the proof-of-concept code it exploited. In Tuesday's advisory, Microsoft officials have said they have not seen active exploits, but they are "likely."

To avoid readers' thinking that Microsoft is the only major software manufacturer whose products have been actively exploited in the past week, Apple last week had three iOS weaknesses that said researchers who have been exploited as zero days in the wild . Two of the zero-days were discovered by Project Zero. Apple declined to comment.

Of all, Microsoft has had over 70 vulnerabilities, of which 20 are rated critically. The vulnerable products include IE, Edge, Windows, Office, .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Microsoft Dynamics, Team Foundation Server, and Visual Studio Code. Microsoft has a general idea here.


Source link