Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0127 Microsoft Patch Tuesday update for Microsoft Exchange Server for July 2021 14 July 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Exchange Server Products Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Increased Privileges -- Existing Account Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-34523 CVE-2021-34473 CVE-2021-34470 CVE-2021-33768 CVE-2021-33766 CVE-2021-31206 CVE-2021-31196 OVERVIEW Microsoft has released its monthly security patch update for the month of July 2021. This update resolves 7 vulnerabilities across the following products: [1] Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016 Cumulative Update 19 Microsoft Exchange Server 2016 Cumulative Update 20 Microsoft Exchange Server 2016 Cumulative Update 21 Microsoft Exchange Server 2019 Cumulative Update 10 Microsoft Exchange Server 2019 Cumulative Update 8 Microsoft Exchange Server 2019 Cumulative Update 9 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2021-31196 Remote Code Execution Important CVE-2021-31206 Remote Code Execution Important CVE-2021-33766 Information Disclosure Important CVE-2021-33768 Elevation of Privilege Important CVE-2021-34470 Elevation of Privilege Important CVE-2021-34473 Remote Code Execution Critical CVE-2021-34523 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB5001779, KB5003611, KB5003612, KB5004778, KB5004779 KB5004780 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYO5YEeNLKJtyKPYoAQhGPw/+IOqx1mP0Pgo4LZPQtpm2PWUKWg24MM99 jaqYm58mBL0YEwXaTlF4wSK6hiDfYlD7KB7QuHkUsbdHlmjZ7t7CwOCbPezRVIg0 42b54PJjgIM3RXU4utBpVFcb5OfaC0qW9Wp5WQ9PoLWsd6J5UnFQHGRQEIxHgHKt QY46+F/xPZO06sE/PlD1/Gu2DCOMzqE8oc0DFks/qpZqHTZ/HyJKb2j3nIk3gYkb qZE65V+HlrwqFcktWrf49miZb3zvGJS5noFoQxrrI19musBxprlS+wjIwsu+h6h2 G6R7EEd01Xj/iXRJCgYJP0BL0jV4TFMT22IjthdAHu9vBHEyPV5FK4QB5xFIcqZb bTlE7/vLgLrU1ywnjy7lZZDXJACi8/OxComEnoTIeLdE4Xmomv06jIVwHJ9/8aAh 25NeB+CtTEgACMYWXFUcUYNoUXk/ZCUcjQESLbN8KleulJYe3Y199/naN7i3wDjK kifFxorAzu0E8FNCF7ezNWgWWDQk9mh+KhmVTAXm6SdFT1UCd/zOVx8mOcVOYtrf J+u5SgwAzR2jlpVMG5aTCQm8bNzAAMZ9A6N9qO3dfWnYOVA1vORXCTEDu2hgWigT gSz5Pdehgc7qWMGv23vjBQb++E2FzYysXC+pJU1bxOkjd4ulDYrarDFYSGNAGpcA L66IMavwz6Q= =bw49 -----END PGP SIGNATURE-----