Microsoft launches new security update notification RSS feed
RSS feeds may not be as popular as they used to be, but for some things they are one of the most efficient and useful means of keeping updated.
Microsoft is aware of this and, having listened to feedback from customers, has launched a new RSS feed to make it easier to keep updated about the latest security notifications from the company. Specifically, there is now an RSS feed for the Security Update Guide (SUG).
Microsoft confirms two actively exploited zero-day vulnerabilities in Exchange Server
Microsoft has issued a security notice about two zero-day vulnerabilities with its own Microsoft Exchange Server. Versions 2013, 2016 and 2019 of the software are affected.
One vulnerability (CVE-2022-41082) allows for remote code execution when an attacker has access to PowerShell; the second (CVE-2022-41040) is a Side Request Forgery (SSRF) vulnerability. Both vulnerabilities are being exploited in the wild.