Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2022.0124 Microsoft Patch Tuesday update for Microsoft Exchange Server for May 2022 11 May 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Exchange Server Operating System: Windows Resolution: Patch/Upgrade CVE Names: CVE-2022-21978 Comment: CVSS (Max): 8.2 CVE-2022-21978 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C) CVSS Source: Microsoft Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C OVERVIEW Microsoft has released its monthly security patch update for the month of May 2022. This update resolves 1 vulnerabilities across the following products: [1] Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016 Cumulative Update 22 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2019 Cumulative Update 12 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2022-21978 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB5014260, KB5014261 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYnsyMONLKJtyKPYoAQhaBBAAhHihTMSR83Ag+ESpbOTyCtcWMWe1tQ6T SVwSVuP09Z7ZTz2FJjv32C2iwdIaGHP2bvrCDCykbuIstUUOeGW/fRHmr/s2v+MW hMqSuuZwsJquV1+vXJ6/otBBjeBwWTKIlSvxU0eBwiayuGFmLb4TwcqmuBKm8aTO ktQbkwz4AMXmUyyuIK+U059RbHqiFGvY/OmhuaeY/T3rs+a/NQExydffTw7Pgpo1 fIBM+q9+Cfh3dVAj2qA/cwWN0RE0/ougz7hJ68rGklJlm7JLbXrvP5YO8dGou4Aq UFI2NLfdnh4AJNwPRC8EV3b6OR/3RkawyH/4F4VtbLLoL/gJGO8jV3d0C+1X35Kc aNKbFnlN8nyrPJEGv/8Im3Vyrw5/+DAQBONb3tIU3QmI199xLGJvuOCIG0YX+S0b xTULQ5xPZ9J5W65CgILjeSVaWGimuWa7z+XkHjeOc+gjYCQeWZ1afK3JaNxU7MYn dUgnnh9TJbaeVb7bUo1wqLPC9qbA+X9RT5IAHwLYANomSFevD73IbG9UOhoUzepr dPhCVn3KJKs/lKrYa0y7DNmCby1s7v0oKnwr9GAs+zuyxSZQgdtMG4c8ONAAdoN8 PwiANJEQv7yZiYmdL1NxpPyp08oPDXKieqNNYUDRld99S6sLs51mOzLTNID588y5 E/8C0CZvD7I= =VQ17 -----END PGP SIGNATURE-----