snarang
Product Team
5 years ago

Microsoft Patches Multiple Exchange Server Flaws Including Four Zero-Day Vulnerabilities

On March 2, Microsoft published out-of-band advisories for four zero-day vulnerabilities in Microsoft Exchange Server. According to Microsoft, these four flaws have been actively exploited in the wild by a state-sponsored threat group they call HAFNIUM.

Researchers at Volexity also provided some additional context about these attacks, which they refer to as Operation Exchange Marauder.

In addition to the four zero-day vulnerabilities, Microsoft patched three unrelated Exchange Server remote code execution vulnerabilities reported to them by security researcher Steven Seeley.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

2 Replies

  • Hmm... I tried to scan one of our mail systems (which should be vulnerable) with the latest plugins (double-checked that the scan includes 147024 and 147003); anyway, no critical state came up. Am I missing something, or are there more plugins available soon?

    Thanks

    • snarang
      Product Team

      Hi @Christian Berg, thanks for reaching out to us. I'm not sure what happened with your scan. I would suggest reaching out to our Customer Support team so they can further assist you in troubleshooting. We did release new plugins, including a direct check plugin this evening that you can now use. More details can be found on our blog.