===========================================================================
AUSCERT Security Bulletin
ASB-2020.0158
Microsoft Exchange Server: Remote Code Execution Vulnerability
9 September 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Exchange Server
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-16875
Member content until: Friday, October 9 2020
OVERVIEW
Microsoft has released its monthly security patch update for the
month of September 2020.
This update resolves 1 vulnerability across the following products:
[1]
Microsoft Exchange Server 2016 Cumulative Update 16
Microsoft Exchange Server 2016 Cumulative Update 17
Microsoft Exchange Server 2019 Cumulative Update 5
Microsoft Exchange Server 2019 Cumulative Update 6
IMPACT
Microsoft has given the following details regarding this vulnerability.
Details          Impact                  Severity
CVE-2020-16875   Remote Code Execution   Critical
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalog for the following
Knowledge Base articles. [1]
KB4577352
REFERENCES
[1] Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================