A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch

MrGuvernment


https://www.darkreading.com/threat-...he-most-critical-overlooked-and-hard-to-patch

In a year bookended by the late-2020 SolarWinds supply chain attack and the widespread Log4j vulnerability, security teams have consistently juggled and prioritized an ongoing wave of threats. And between those, they have a monthly Patch Tuesday update to contend with.


While Microsoft patched fewer vulnerabilities in 2021 than in 2020, the company fixed 883 bugs in 2021, says Aanchal Gupta, vice president of the Microsoft Security Response Center. Some of these resulted in widespread exploitation; some merited greater attention, and as a group, many reflect trends and patterns that security teams should note in the year ahead.

Among the most memorable vulnerabilities, disclosed and patched in March 2021, were those existing in on-premises versions of Microsoft Exchange Server. At the time it reported the vulnerabilities, Microsoft said these were used in "limited and targeted" attacks conducted by a group called Hafnium, which officials said is state-sponsored and operates out of China.

It didn't take long for the security community to report there were likely multiple threat groups behind a wave of malicious activity targeting Exchange Servers. What had been "low and slow" activity quickly escalated into a lot of noise, with tens of thousands of organizations affected. "That snowballed really quickly," says Kevin Breen, director of cyber-threat research at Immersive Labs, about the Exchange Server attacks. Within weeks of the advanced persistent threat groups exploiting the vulnerabilities, cybercrime groups began to adopt it as well.


In addition to releasing patches, Microsoft at the time produced an additional series of security updates to be applied to some older and unsupported cumulative updates. It was necessary in this case, but Gupta notes "we don't prefer doing" it as it discourages customers from patching.

"Threat actors like Hafnium, they are sophisticated," says Gupta. "They are doing the scans; they are going to go after anyone who is not patching in time."

 