===========================================================================
AUSCERT Security Bulletin

ASB-2021.0197
Microsoft Patch Tuesday update for Microsoft Exchange Server for October 2021
13 October 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Microsoft Exchange Server 2013
                   Microsoft Exchange Server 2016
                   Microsoft Exchange Server 2019
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-41350 CVE-2021-41348 CVE-2021-34453
                   CVE-2021-26427

OVERVIEW

Microsoft has released its monthly security patch update for the month
of October 2021.

This update resolves 4 vulnerabilities across the following products: [1]

  Microsoft Exchange Server 2013 Cumulative Update 23
  Microsoft Exchange Server 2016 Cumulative Update 21
  Microsoft Exchange Server 2016 Cumulative Update 22
  Microsoft Exchange Server 2019 Cumulative Update 10
  Microsoft Exchange Server 2019 Cumulative Update 11

IMPACT

Microsoft has given the following details regarding these vulnerabilities.

  Details         Impact                  Severity
  CVE-2021-26427  Remote Code Execution   Important
  CVE-2021-34453  Denial of Service       Important
  CVE-2021-41348  Elevation of Privilege  Important
  CVE-2021-41350  Spoofing                Important

MITIGATION

Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalogue for the following
Knowledge Base articles. [1].

  KB5007011, KB5007012

REFERENCES

[1] Microsoft Security Update Guidance
    https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================