Attackers are targeting SAP enterprise applications that have not been updated to address previously-fixed flaws, researchers warn.
Enterprise IT staff should prioritize fixing the flaws listed in the Top 25 list of most commonly targeted vulnerabilities released by the United States National Security Agency.
The Zerologon vulnerability Microsoft patched in Windows Server last month is actively being exploited in several attacks, Microsoft warned.
Federal agencies have until the end of Monday to install fixes for a recently-fixed elevation of privilege vulnerability in Windows which could be used to take control of the entire network, CISA said in an emergency directive.
DNS issues are bad news, and SigRed is among the worst: Microsoft fixes a flaw in Windows DNS Server which has a severity rating of 10 and is believed to be wormable.