Microsoft has disclosed 85 vulnerabilities across its products in its October security update, including one that has been exploited in the wild and another listed as publicly known.
Of the 85 new patches released, 15 are rated critical, 69 are rated important and one is rated moderate in severity.
The publicly disclosed vulnerability is in Microsoft Office and can put user tokens and other potentially sensitive information at risk.
“What may be more interesting is what isn’t included in this month’s release. There are no updates for Exchange Server, despite two Exchange bugs being actively exploited for at least two weeks,” said Dustin Childs for the Zero Day Initiative.
Microsoft revealed earlier this month that it was investigating two new zero-day vulnerabilities affecting the company’s Exchange Server, which are actively being exploited by hackers.
The company said an attacker would need authenticated access to the vulnerable Exchange Server, such as stolen credentials, to successfully exploit either of the two vulnerabilities.
With no updates available to fully address these bugs, the best IT administrators can do is ensure the September 2021 security update is installed.
Last year, Microsoft released an emergency security update for its Exchange email and communications software as at least 30,000 organizations across the US were hit by hackers who stole email communications from their systems.
The next Microsoft Patch Tuesday falls on November 8.
Bijay Pokharel