Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0043 Microsoft Patch Tuesday update for Exchange Server for February 2021 10 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Exchange Server 2016 Microsoft Exchange Server 2019 Operating System: Windows Impact/Access: Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2021-24085 CVE-2021-1730 OVERVIEW Microsoft has released its monthly security patch update for the month of February 2021. This update resolves 2 vulnerabilities across the following products: [1] Microsoft Exchange Server 2016 Cumulative Update 18 Microsoft Exchange Server 2016 Cumulative Update 19 Microsoft Exchange Server 2019 Cumulative Update 7 Microsoft Exchange Server 2019 Cumulative Update 8 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2021-1730 Spoofing Important CVE-2021-24085 Spoofing Important MITIGATION Microsoft recommends updating the software to the latest available version available on the Microsoft Update Catalog. [1]. REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance. AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYCNLeuNLKJtyKPYoAQjdoQ/+NTmRpSvj4PLtktw4mnlW+GTNbvKg5eDo BNDjm3TSsR7MXlfALFYQfvvnz+sZl0bZ9OgZ/LCw3EE04oifSnN9GUn1qeYEAzFS 4V2jHXvC+4QR/F6klM4Z+0enTAqbpLrYZodrFUrJiLbjjQlooO+NyqSipnu/Gpot S4OAFQAOlIX6BfSAI65GKrM3ZggDlX2rtCGdEhI8k8Nw5M4z8S00Cjh4vhmJZlRe 4+D5iImYrjdDQDTMnDvtzGKJponuUuPwiOlQy5kLZek3FBiPtoGF05DpIfLux1TX si/9quqPBEZtiu02zgUYXKLvQf4zbZZYcNpVv8GZ0T6csO1gditpxrNByHqmrIqh HLyQwOj9hktcwApWsZse38tK5KrPocx3KxmsxjtCGoHSV4+m4C/iK6mWSqSS5ZsM Rg4gZqncFGzB2AKS+LosLFuowDs+yDVijEd9q8GSVJjvrKaRvAJh0KR+HGEkX4NP oEePlYEt400DUtn+5l6lDuKKUqntlifCAW3FsGnAft00MwQUeOYVkxlq69JfHa7B 0FrIy7BGyzonybHNHFAWFqnkrmnbqGqBa3R95mnL1AP8BOx+uNT+r+JlAl9vTRsH TYc8vFeJ1B107eU+OE8RB51/UbgkNXvEJff2rZTJtF8u0kr9c4cC1JvUJ80EIbvA dx9rwMY1e/E= =H1Vj -----END PGP SIGNATURE-----