Microsoft (re)patch requested | International cyber threats growing

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the White House on Tuesday urged organizations running a Microsoft email application to immediately patch their systems following the discovery of new vulnerabilities.

A different issue: The security flaws in Microsoft’s Exchange Server were separate from the vulnerabilities discovered in March by the company, which at least one Chinese state-sponsored hacking group exploited to gain access to thousands of organizations.

The NSA discovered the new vulnerabilities and reported them to Microsoft, with the company releasing a patch on Tuesday. CISA ordered federal agencies to implement the patch by the end of the week, and a top Biden administration official said the White House was monitoring the situation closely.

Getting out ahead: “We have not seen the vulnerabilities used in attacks against our customers,” the Microsoft Security Response Center wrote in a blog post Tuesday. “However, given recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats.”