Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent


Four Exchange vulnerabilities that Trend Micro’s Zero Day Initiative (ZDI) revealed last week, according to Microsoft, have either already been patched or don’t need to be addressed right away. The vulnerabilities in ZDI’s advisories have been classified as “zero-days” since they have not been reported as exploited in the wild and no publicly available technical information or proof of concept code exists to raise the likelihood that they will be exploited in the near future.

ZDI revealed the existence of four Exchange vulnerabilities with high severity that were found by Piotr Bazydlo of the business. Microsoft had advised ZDI that these flaws don’t need to be fixed right away. ZDI claims that the tech giant was notified of the vulnerabilities in early September.

Read More…