SECURITYBLEEPING COMPUTER
Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft has patched a zero-day vulnerability in Exchange Server that allows threat actors to execute arbitrary JavaScript code through cross-site scripting (XSS) attacks targeting Outlook Web Access users. The vulnerability is actively exploited, prompting the release of a security update.
Mentioned
Related Signal
Adjacent reporting
- Microsoft warns of Exchange zero-day flaw exploited in attacks
- Adobe Patches Actively Exploited Zero-Day That Lingered for Months
- Microsoft warns of new Defender zero-days exploited in attacks
- Ivanti warns of new EPMM flaw exploited in zero-day attacks
- Yet another Cisco SD-WAN 0-day under attack, and no patch in sight
- Microsoft Exchange Zero-Day Under Attack, No Patch Available