The zero-day attacks against Microsoft’s software products are showing no signs of slowing down. The software company hurriedly released patches for the second month in a row to address flaws that were already being used as zero-days in the wild.
The patches include two late fixes for security flaws in Microsoft Exchange Server that had been targeted by a state-sponsored threat actor for several months. Microsoft flagged six unique vulnerabilities in the “exploitation detected” category as part of its regularly scheduled Patch Tuesday update process and urged Windows administrators to treat these updates with the utmost urgency.
The Windows CNG Key Isolation Service, Windows Print Spooler, Windows Mark of the Web Security, and Windows Scripting Languages are all impacted by the four new zero-day vulnerabilities.