CISA Reports Active Exploitation of Four Microsoft Vulnerabilities, Including a 14-Year-Old Flaw

beyondmachines1@infosec.exchange

CISA Reports Active Exploitation of Four Microsoft Vulnerabilities, Including a 14-Year-Old Flaw

CISA flagged four actively exploited Microsoft vulnerabilities, spanning from 2012 to 2025 covering privilege escalation, remote code execution in Exchange Server, and insecure library loading, with at least one (CVE-2023-21529) tied to Storm-1175's Medusa ransomware campaigns. US Federal agencies must patch all four by April 27, 2026.

**Most of these flaws are old. So if you haven't patched your systems for over a year - let alone 14 years, it's high time to do it today. Because hackers don't care how old a vulnerability is. It's still usable. If you're still running Exchange Server 2013, 2016, or 2019 on-premises, prioritize patching or migrating those immediately.**
#cybersecurity #infosec #advisory #ransomware
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-four-microsoft-vulnerabilities-including-a-14-year-old-flaw-f-v-f-p-4/gD2P6Ple2L