Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug
Microsoft has observed signs of active exploits targeting CVE-2024-2140.
A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.
Search across headline titles and summaries.
Background for this topic.
0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.
Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.
Microsoft has observed signs of active exploits targeting CVE-2024-2140.
Outdated Software, Exploited Flaws, Security Loopholes Expose Ivanti's DevicesSupply chain security firm Eclypsium found corporate VPN maker Ivanti's Pulse Secure devices - which underwent much emergency patching amid a likely Chinese espionage zero-day hacking campaign - operate on an 11-year old version of Linux and use many obsolete software packages.
Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. [...]
Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday. [...]
CVE-2024-21412 was used to evade Microsoft Defender SmartScreen and implant victims with DarkMe
Two zero-day bugs actively exploited in the wild now have official Microsoft patches
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders
Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.
The Water Hydra cyberattacker group is one adversary using the zero-days to get past built-in Windows protections.
Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). [...]
Two new flaws, one zero-day, countless different patches, but everything's fine! Network-attached storage (NAS) specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November.…
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.