Researchers Find Bypass for a Fixed Bug; MSFT Patches Again

10-May-23

According to security experts, a minor adjustment to a zero-day assault on Microsoft Exchange employed by Russian government hackers can get around a March patch.The modified attack was fixed by Microsoft as part of this month’s round of changes, with the flaw being rated as “important” rather than “critical.”

“We discovered a 0-click vulnerability that can be utilised to get around the patch and is remotely exploitable. More specifically, we discovered that the patch is rendered worthless by the addition of a single character, according to a statement released by the Akamai research team on Tuesday afternoon. According to the market leader in content delivery, Microsoft assured it that any Exchange server updated in March would shield an Outlook client from the modified attack.

Read More…