Microsoft issued patches Tuesday for four new critical vulnerabilities in the company’s on-premises Exchange Server software. The flaws were discovered by the U.S. National Security Agency and disclosed to Microsoft. The NSA joined with Microsoft in urging users to make the updates immediately. The FBI is now removing web shells from Exchange servers in at least eight states that were infected in a wave of attacks earlier this year. Microsoft also issued a patch for a zero-day vulnerability in Desktop Window Manager that was uncovered by Kaspersky.”]
Source: https://www.cuinfosecurity.com/microsoft-patches-4-additional-exchange-flaws-a-16396