The Microsoft Patchday regularly provides important security updates, in November vulnerabilities are fixed, among others, in Exchange Server and in Windows.
The vulnerabilities in Microsoft Exchange Server 2016, Microsoft Exchange Server 2019 and Microsoft Exchange Server 2013 had already become known at the end of September (CVE-2022-41040 and CVE-2022-41082 or also called "NotProxyShell"). They could now be closed by optimized workarounds.
A further vulnerability called "ZippyRead" (CVE-2022-41091) is warned of, which can make it possible to place malicious Zip files on a Windows computer. These arrive as macros in a Word document in the system.
Microsoft provides a security update guide here.
Do you have any questions for our security experts or need assistance in eliminating this or other security vulnerabilities? Contact us, we look forward to hearing from you.
TSO-DATA
Marvin Hitzfeld
+49 (541) 1395-94
it-infrastruktur[at]tso[dot]de
