Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0050 Multiple Microsoft exchange server elevation of privilege vulnerabilities patched 13 February 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Exchange Server Operating System: Windows Impact/Access: Administrator Compromise -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-0686 CVE-2019-0724 Member content until: Friday, March 15 2019 OVERVIEW Microsoft has released its monthly security patch update for the month of February 2019. This update resolves 4 vulnerabilities across the following products: [1] Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 26 Microsoft Exchange Server 2013 Cumulative Update 22 Microsoft Exchange Server 2016 Cumulative Update 12 Microsoft Exchange Server 2019 Cumulative Update 1 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity None None Elevation of Privilege None Elevation of Privilege Important Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1]. KB4471392, KB4471391, KB4487052, KB4345836 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXGOSw2aOgq3Tt24GAQj9Wg/9FBfl+8n8fh1puosgENDX4/oDiO9gxx5o cy8K538mpbwif+7glGAxP7NULOZ4VnKc/Yb6ZSfVYgz6NXP4ndzdiD7FYfqpFzf7 mWTdpMyu9Cbyyc+SXH4k8D6h0JfYL3Jp5nz2Ff8JjTZIf95lwuD69MxV5hhVk7J5 EZWIzPdr08uV2Xml25A1IoJHdCxRIfJFekTlrUlOKAi1SzlnwN4lzUvFn3VY1clj KT2gErhIEKX7lNwGaeeKRASFsqvo51hEDphfh+qbs8ovBQEWQ7IXrz+1fry1icT+ gSoybAHoTUEnc6qf08ZjYngEDNB+IRNUCXZoqYM0qIvmMulu1FN8ED5WRQNUYQ8e m2SKymkVuzOeD6a+7gfhB+bNQ6t1UBxljkdPi3Wum0dYwdgYf4UbLykXjStoEFfg khdnVo8NG1oy52W80yJSNcEhr7PnJI4qOHtcLJ+agR6/ke62kBbT6/I+yRtFn9In Ge8nI+SsYOxFBcC2dtfO5YeGJLnJYb6KQW7HbOHX6aH0bALmfN8LJMyn3aOq0oML AuyDZiwxqt2+PoaUCDhsXXE5V9OfqlyhWrfLtKC76Y+D70IQXdxu5dlxvEhCjVeq Z+equ8ujHjccE5KMdVMXiuelunOVG0A93/waY9oT1bGl4Z+rU6uofqrmrhjcE/jk 5BNaV1SyUBE= =rA/g -----END PGP SIGNATURE-----