The latest Patch Tuesday security update from Microsoft rolled out August 8, complete with six critical reasons to install it as soon as possible. When it came to certain Exchange Server admins, however, timely installation proved to be a big mistake, as the August security update caused server deactivation. Microsoft has confirmed the issue that caused these Exchange Server installations to be left disabled, and the August Exchange Server security updates have been temporarily removed.
Which Exchange Server Installations Are Affected?
According to a Microsoft support posting, the issue relates to the August security update for Microsoft Exchange Server 2016 and 2019, specifically installations that are running on non-English language versions of Windows Server.
What Happens If You Install The August Security Update?
The first issues with installing the Exchange Server security update were posted to Microsoft’s Exchange Team blog on August 8 itself. One German Exchange admin pointed out that the update “leaves the server in a non-working state” with the Exchange services deactivated. This was followed by a flurry of other German Exchange admins and then French ones, adding their confirmations.
Exchange Server Remote Code Execution Vulnerabilities Exposed
The August security update included patches for five vulnerabilities impacting Exchange Server, with two remote code execution ones given "exploitation more likely" status by Microsoft. It should go without saying that such vulnerabilities need to be patched as soon as possible once a fix is available and the vulnerability is exposed. The time between a vulnerability being disclosed and the fix being applied is known as the patch gap, and it’s something that potential attackers look to exploit.
“The exploitation of CVE-2023-35388 and CVE-2023-3812 is somewhat restricted because of the need for an adjacent attack vector and valid Exchange credentials,” Natalie Silva, lead content engineer at Immersive Labs, says.
When it comes to CVE-2023-21709, however, the attack complexity is low, and no privileges are required, although the attack vector remains through the network. “This flaw allows for elevation of privilege and poses a serious security risk,” Mike Walters, vice president of vulnerability and threat research with Action1, says. Although a critical vulnerability, rated 9.8 using the Common Vulnerability Scoring System, it’s not a remote code execution risk as, Walters explains, “it involves a brute force attack. Strong passwords are less likely to be compromised in this manner.”
What Has Microsoft Said About Cause And Mitigation?
I have approached Microsoft for further information regarding when a fix might be forthcoming and the Exchange Server security update made available again.
In the meantime, Microsoft confirmed that the issue is, as you might expect given it impacts non-English versions, with localization in the Exchange Server security update installer.
Microsoft has published a six-step workaround, which starts with resetting the service state before running setup again, creating a new account in Active Directory using a specific name, running a bunch of commands and restarting the SU installation.
August 11, 2023 at 04:53PM
Microsoft Warns Of Exchange Server Failures, Pulls August 8 Security Update - Forbes