===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0055
      Microsoft Patch Tuesday (March 2020): Microsoft Exchange Server
                               11 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Exchange Server 2016
                      Exchange Server 2019
Operating System:     Windows
Impact/Access:        Modify Permissions       -- Existing Account
                      Delete Arbitrary Files   -- Existing Account
                      Cross-site Scripting     -- Existing Account
                      Access Confidential Data -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-0903  
Member content until: Friday, April 10 2020

OVERVIEW

        Microsoft has released its monthly security patch update for the month of March 2020.
        
        This update resolves 1 vulnerability across the following products: [1]
        
         Microsoft Exchange Server 2016 Cumulative Update 14
         Microsoft Exchange Server 2016 Cumulative Update 15
         Microsoft Exchange Server 2019 Cumulative Update 3
         Microsoft Exchange Server 2019 Cumulative Update 4


IMPACT

        Microsoft has given the following details regarding this vulnerability.
        
         Details         Impact                   Severity
         CVE-2020-0903   Spoofing                 Important


MITIGATION

        Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
        
         KB4540123


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================