Cybersecurity researchers have discovered a new zero-day vulnerability that has surfaced in Microsoft’s Exchange email servers and has already been exploited by bad actors.
Microsoft stated on Friday that it was “working on an accelerated timeline” to address the zero-day vulnerability and create a patch. However, researcher Kevin Beaumont confirmed on Twitter that the flaw has been used by nefarious players to gain access to the back ends of several Exchange servers. “If that is true, what it tells you is that even some of the security practices and procedures that are being used today are falling short. They get back to the inherent vulnerabilities in the code and the software that are foundational to this IT ecosystem,” Roger Cressey, former member of cybersecurity and counterterrorism for the Clinton and Bush White Houses, told DigitalTrends.
According to the CISA vulnerabilities catalog, Microsoft Systems has been subject to 238 cybersecurity deficiencies since the beginning of the year, which accounts for 30% of all discovered vulnerabilities. These attacks include those against other major technology brands including Apple iOS, Google Chrome, Adobe Systems, and Linux, among many others.