Chinese Ministry of State Security (MSS)-affiliated cyber threat actors are targeting U.S. government agencies, as well as exploiting four popular vulnerabilities over the past 12 months.
Microsoft issued the February 2019 Security Updates that include nearly 74 unique vulnerability fixes, 20 of them rated critical.
Microsoft has released a new security advisory for an Elevation of Privilege vulnerability "PrivExchange" that impacts multiple versions of Microsoft Exchange Server.
Microsoft Exchange 2013 and newer versions are vulnerable to NTLM relay attacks and privileged escalation. Administrators should review and apply the necessary workarounds until a permanent patch is made available.
Microsoft issued the January 2019 Security Updates that include nearly 50 unique vulnerability fixes, 7 of them rated critical.
Microsoft issued the December 2018 Security Updates that include 39 unique vulnerability fixes, 9 of them rated critical.
Microsoft issued the August 2018 Security Updates that include over 60 unique vulnerability fixes, 19 of them rated critical and two zero days actively exploited.
Microsoft issued May 2018 Security Updates that include at least 68 vulnerability fixes, 21 of them rated critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore, Exchange Server, Windows Host Compute Service Shim and Adobe Flash.