Customer Guidance on Recent Nation-State Cyber Attacks | MSRC Blog Note: we are updating as the investigation continues. Revision history listed at the bottom. This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the Read more…
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities | MSRC Blog This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update systems. Failing to Read more…
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server | MSRC Blog November 8, 2022 update – Microsoft released security updates for CVE-2022-41040 and CVE-2022-41082. We recommend that customers protect their organizations by applying the updates immediately to affected systems. The options described in the Mitigations section are no Read more…
Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 | MSRC Blog Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against Read more…