Microsoft is urging customers running the on-premises version of its Microsoft Exchange email server to apply a new set of security patches after the National Security Agency found and disclosed new vulnerabilities in the software.
It doesn't appear that these new vulnerabilities have been exploited yet, according to Microsoft, but the clock just started. The new vulnerabilities were disclosed one month after Exchange users around the world were targeted by exploits for a different set of flaws, and were "responsibly reported" by the NSA, Microsoft said. Exchange Online users are protected against these flaws.