Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0282.2 Microsoft Exchange Server gets November 2018 security update 15 November 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Exchange Server 2010 Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 Operating System: Windows Impact/Access: Increased Privileges -- Remote with User Interaction Resolution: Mitigation CVE Names: CVE-2018-8581 Member content until: Friday, December 14 2018 Revision History: November 15 2018: Correction to note that the fix is manual for now and will later be provided in a software update. November 14 2018: Initial Release OVERVIEW Microsoft has released its monthly security patch update for the month of November 2018. This update resolves 1 vulnerability across the following products: [1] Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 Microsoft Exchange Server 2019 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2018-8581 Elevation of Privilege Important [1] MITIGATION Microsoft recommends deleting a certain registry key to disable a feature. A future update will make this a permanent change. [1] REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW+zANGaOgq3Tt24GAQjuRhAAnVnAu8Np3r+lFeYCPI/ZVi9sF58rELlu K470qpCxwyEjx+CZBM6sohE/eK2x7hv7i7hR+EJCgE2SqhqSNXzf4SKdV8uEw82s dmJv+nOG2Dla55NLcuuk/59Ime5gGokDoJgtB0SiLqisFaelg5mdVdJlsFuMAWmn FTIFUql7W5OHaC3SLtUvWZRnh0riLKBTENGiev5jIp9A17R6YJFw6citpSq9D8x9 05HoAe+JJ1a8cp9pTF6t2PulolVc/ztJUEb6SjdxP7ZmyWb2CAaJ7+9GmvSJ87xk +5AybXnHAi3qGn2n1uPRwGhc+B2YK6bDWwsQkPkxRDeY2iAwb5P9YyX3L46QgBz+ sPBzUzZ6XjDe7f11LyLNUZ16koD/2ad+9pXB4PGO0PZnbI2880cHbRmDxmHenyEy Z32aRkt8MoDUYnXvXku2uVm19tmJgBo3/xORjLwln/DpzWsLXy/BnE3lkIOjN54s 5bfJGV2OUCax5OuwgT4X+ytdDJBhHJtWWCjywBBNCyVfVb+dUgXG8KUgW1l0FRJj 6T1gJjJU24sUr0y+hfaqZOy5pqPSR4RnZCFGucjnBAQpIgSUgexF9ATT4R8d/Pxk OgYzfT8nUvOV3ltvQ8z2M9YLAAVn/txG3YaQqULJtGTAWVTMgLz8NVjnpFpdEwhA ZD28Z+RWxis= =OUxq -----END PGP SIGNATURE-----