Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0212 Security patches for Microsoft Exchange Server 13 December 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 Operating System: Windows Impact/Access: Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-11932 Member content until: Friday, January 12 2018 OVERVIEW Microsoft has released its monthly security patch update for the month of December 2017. [1] This update resolves 2 vulnerabilities across the following products: Microsoft Exchange Server 2013 Cumulative Update 17 Microsoft Exchange Server 2013 Cumulative Update 18 Microsoft Exchange Server 2016 Cumulative Update 6 Microsoft Exchange Server 2016 Cumulative Update 7 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity ADV170023 Defense in Depth None CVE-2017-11932 Spoofing Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1][2] KB4045655 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance [2] ADV170023 | Microsoft Exchange Defense in Depth Update https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170023 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWjBtjox+lLeg9Ub1AQitLRAAirTJIEWlA6KrxPA5yxJnUH2OzVl4QvjW 5Yb3GkSlId7Qpv4iaLzhDyQl7X/jV4LftyuxR7uJNre13MvquDTHvLAYE+MMYrjF SZb/O3UsY2zcpRzp0xroBPUQP459WtwP/+t4b6AXE/5/p90lpS6l0hL6YvWaTtyc 9OQcP4idZ+9G7A/cK77HWJpvRuE9dHUXFU+6cFsvwTwxvRumsaZ8zsvtEtBVdJQ6 wE3hVha4Sz0wh7LlVr3cVfOI0bNYGWxCYU82fHsE1XVxjWSt6X0zevfpdAdl+YGn p3YP78au7Qzm8+W5+EkDvLZpTqrjcxSgmNH03JQ3+7bt/RQleNKHj3Vn4dyVjXbW 8Kxff7OMni9WCjsuglrf8ai/p9WKbfyIZC8/Jx6/mOvXFA2vV9XBWzqIu5I/Pob8 BREKoNmtg/IoAVj50j/li93cDsO3RSsk/oRAxUN7H6ZUfbSMkP12aCfl4jC7xGcM Ay4qrg2pRipF+7VOpOVlEWKEPS/dDROcCBEyIOtoZ2KvGpVGfx4PqBaVo5IyLqIO wTpy3uLwRWr/NRyBHkm0p1GAXsn3HNQVBOf8Rwjj8kIj3KXCp5TXqPH+BSMdDq5g YECMizbL0P2mpfzeMNgi/b2XiLQ+FdWMQMrc9fqqkpeNGM1XDziEIFrAWfYzm09A hZgdF0zyAEE= =lU4Y -----END PGP SIGNATURE-----