Microsoft announced that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection (EP) on affected servers to fully block attacks. The EP feature enhances Windows Server auth functionality to mitigate “man in the middle” attacks. The company patched 121 flaws as part of this update including the DogWalk Windows zero-day and several critical severity Exchange vulnerabilities. Remote attackers can exploit these Exchange bugs by tricking targets into visiting a malicious server using phishing emails or chat messages.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in