A Microsoft is asking Exchange Server administrators to patch their local instances of communication, calendaring and collaboration software as quickly as possible to address a post-authentication vulnerability that is being actively exploited.
The Exchange Server November 2021 update has several security fixes, but one of which is extremely important for system administrators to install as it fixes an actively exploited vulnerability.
BUT: Microsoft surpasses Apple as the most valuable brand in the world
The flaws have been discovered internally by Microsoft, and so far the full details of the flaws have yet to be revealed to prevent further exploitation.
So let's see here, we've got exploitation in the wild for two of the Patch Tuesday updates:
CVE-2021-42321 - Microsoft Exchange
CVE-2021-42292 - Microsoft ExcelThere is no update for the CVE-2021-42292 vulnerability in Excel on the Mac platform yet. pic.twitter.com/CXE09Rrcqg
- Will Dormann (@wdormann) November 9, 2021
This flaw can allow remote access to Exchange Server accounts, bypassing traditional security measures. Microsoft confirms that the flaw is being actively exploited by some hacker groups, so it is critical for system administrators to install the latest updates.