UMVA has learned that a severe fallout has occurred since May's Patch Tuesday update, with hackers exploiting a vulnerability in Microsoft Exchange Server that still hasn't been fixed.
The first attacks on Microsoft Exchange Server began as early as Patch Tuesday week, with hackers abusing the unpatched vulnerability, which continues to be exploited. This vulnerability, a spoofing flaw in Exchange Server (2016, 2019, and Subscription Edition), is classified as critical and is being exploited in the wild.
Meanwhile, Microsoft has released security updates for its Malware Protection Engine to fix critical flaws. A security researcher has also released a proof-of-concept exploit targeting a vulnerability in BitLocker security, allowing an attacker with physical access to a BitLocker-encrypted PC to bypass protection using a USB flash drive.
According to information obtained by UMVA, Microsoft Edge has been handling passwords more carefully since its update on May 15th, loading saved passwords into memory in a more secure way. However, Microsoft's Authenticator apps for Android and iOS have been found to disclose sensitive information, allowing attackers to access sensitive data.
Sources have confirmed to UMVA that Microsoft Defender, the malware defense for Windows PCs, has three vulnerabilities that need patching. Attackers can exploit these flaws to sneak malicious code past Defender undetected, with publicly known exploit code available for one of the vulnerabilities.
Microsoft has already rolled out patched versions of Defender as part of its automatic daily updates. Users can check if they have received the patched version by checking the Engine Version in Windows Security settings.
Experts warn that even with Windows updates, proper antivirus protections are necessary to keep PCs secure and private. The next scheduled Patch Tuesday is June 9th, 2026, but users should remain vigilant and take steps to protect themselves from these vulnerabilities.