image credit: Freepik

WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation

September 30, 2022

Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems.

That’s according to Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022.

The two vulnerabilities, which are formally yet to be assigned CVE identifiers, are being tracked by the Zero Day Initiative as ZDI-CAN-18333 (CVSS score: 8.8) and ZDI-CAN-18802 (CVSS score: 6.3).

Read More on The Hacker News