Microsoft has revealed 85 vulnerabilities in its products in its October security update. Of the 85 new patches released, 15 are rated as severe, 69 as critical and one as moderate.
A publicly disclosed vulnerability is in Microsoft Office that could put user tokens and other potentially sensitive information at risk.
Dustin Childs for the Zero Day Initiative said, “What could be more interesting is not included in this month’s release. Despite the two Exchange bugs being actively exploited for at least two weeks, there are no issues with Exchange Server.” There are no updates for this.”
Microsoft disclosed earlier this month that it was investigating two new zero-day vulnerabilities affecting the company’s Exchange Server, which are being actively exploited by hackers.
The company said that for a hacker to successfully exploit either of the two vulnerabilities, it would need to have authenticated access to the vulnerable Exchange server, such as stolen credentials.
With no updates available to fully address these bugs, the best IT administrator can do is ensure that the September 2021 security update is installed.
Last year, Microsoft released an emergency security update for its Exchange email and communications software after at least 30,000 organizations across the US were affected by hackers who stole email communications from their systems.