This article has been indexed from Help Net Security
It’s a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, and CVE-2021-42292, a Microsoft Excel security feature bypass bug. Vulnerabilities of note CVE-2021-42321, the remote code execution vulnerability in Microsoft Exchange Server 2016 and 2019, is due to issues with the validation of command-let (cmdlet) arguments. “In order to exploit this flaw, an attacker would need to be authenticated, which … More
The post Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292) appeared first on Help Net Security.
Read the original article: Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)