came to light in September. At the time, researchers in Vietnam reported they had been used to infect on-premises Exchange servers with web shells, the text-based interfaces that allow people to remotely execute commands.
Better known as ProxyNotShell, the vulnerabilities affect on-premises Exchange servers. Shodan searches at the time the zero-days became publicly known showed roughly 220,000 servers were vulnerable. Microsoft said in early October that it was aware of only a single threat actor exploiting the vulnerabilities and that the actor had targeted fewer than 10 organizations. The threat actor is fluent in Simplified Chinese, suggesting it has a nexus to China.
discovered the bypass technique in July.
In all, this month’s Update Tuesday fixed a total of 68 vulnerabilities. Microsoft gave a “critical” severity rating to 11 of them, with the remainder carrying the rating “important.” Patches generally install automatically within about 24 hours. Those who want to install updates immediately can go to Windows > Settings > Updates and Security > Windows Update. Microsoft’s full rundown is here.