Microsoft patched an important vulnerability in Microsoft Exchange Server during Patch Tuesday. In addition, 70 other issues were addressed.
CVE-2022-23277 allowed cybercriminals to remotely activate malicious code via a network call to a server account. Ultimately, lateral moves allowed hackers to compromise corporate email or steal data. The patch applies to Microsoft Exchange Server versions 2013, 2016 and 2019.
70 other patches
The tech giant released 70 other patches for its solutions last Tuesday. As many as 41 apply to Windows. The rest applies to Visual Studio, the Xbox app for Windows, Intune, Microsoft Defender, Express Logic, Azure Site Recovery and the Microsoft Edge browser.
For example, CVE-2022-24508 in Windows SMB v3 was addressed. The vulnerability has a high chance of exploitation. In addition to the patch, Microsoft recommends that companies limit their SMB traffic in sideways and remote connections.
Lastly, Microsoft resolved CVE-2022-24501, a vulnerability in the VP9 Video Extensions, exploited by tricking victims into opening a malicious video file.