720-891-1663

Return to list of client alerts

Microsoft Flags SIX New Zero Days

It seems like we are seeing more zero day exploits from a number of vendors. This month is no different.

Just like last month, Microsoft rushed out patches for zero days that are being exploited.

Microsoft says there are six bugs in what they call the “exploitation detected” category.

This includes two more Exchange bugs.

The other bugs are in the Windows CNG Key Isolation Service, print spooler, web security (mark of the web bypass) and Windows Scripting Language (WSL).

Microsoft says that they saw a single state actor – unnamed – exploiting these bugs in August, but now that there are patches out to reverse engineer, they will likely have company soon – if not already.

Microsoft says that this could, maybe, (definitely) be attributed to China, which passed a law last year requiring their researchers to tell the government about bugs they discover before telling vendors like Microsoft. China says that they would never abuse this information. Sure. I believe them. Want a bridge in Brooklyn – real cheap?

Read more information about this at Security Week.