Microsoft, Intel lead this month's security fix emissions Microsoft's August patch party seems almost boring compared to the other security fires it's been putting out lately. Of the almost 90 flaws addressed today, two are listed as being under active exploitation. Redmond deemed six of the August CVE-tagged bugs as critical, though we note there are 26 vulnerabilities that can lead …
Quite a few comments on the Exchange security update announcement from people with German language Exchange servers reporting that the upgrade breaks the server:
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/ba-p/3892811
The perfect argument to switch?
Not that that will be easy, but at least you have something to investigate while you wait for Microsoft to figure out where they screwed up this time.
Oh, and again: record the duration of the outage so you can add the cost of lost man hours to your next budget.
I was alerted to this by CISA, providing a link to the M$ information [https://msrc.microsoft.com/update-guide/releaseNote/2023-Aug]. Following that link (supposedly to a list of vulnerabilities) I find that it leads to a JavaScript app. With scripting disabled, zero information is available. Considering that running unknown code is inherently dangerous, this seems odd in the given context. However I suppose it's no more strange than that the UK National Cyber Security Centre web site does exactly the same. There, you can't even see the emergency contact information for those under attack unless you enable scripting. Have we (or at least our web devs) possibly got something wrong?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
