Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0055 Microsoft Patch Tuesday (March 2020): Microsoft Exchange Server 11 March 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Exchange Server 2016 Exchange Server 2019 Operating System: Windows Impact/Access: Modify Permissions -- Existing Account Delete Arbitrary Files -- Existing Account Cross-site Scripting -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-0903 Member content until: Friday, April 10 2020 OVERVIEW Microsoft has released its monthly security patch update for the month of March 2020. This update resolves 1 vulnerabilities across the following products: [1] Microsoft Exchange Server 2016 Cumulative Update 14 Microsoft Exchange Server 2016 Cumulative Update 15 Microsoft Exchange Server 2019 Cumulative Update 3 Microsoft Exchange Server 2019 Cumulative Update 4 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2020-0903 Spoofing Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4540123 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXmhfBGaOgq3Tt24GAQjIDxAA09kqPruVoh4oPOvh7Ch3griVC/43y37e Fkxk4qHfDSMbKaO1rRbmY2TLyjoeR5vs/KuK+XQjIG0FfXqd5iK9C48rcioTiaUf QbFCVThXdtKn00bWp7ZUfBhtE0hFNEEf9T5YR4mPh0K+uGyHEwCfTrufNLjZUNoq hOw9FMUJLkHoU8u4cZMTJ2cRSNuRzrw6eO1SqrFe2eDSle79GmW3armS3OLjIhrm /9GZcGWTWWAercOMdJSR17rpCDojmOjJ9PppMhCB1+z9HGVZbtawde72oVnA9oWL p43BLH6zD6fYkSaWKHQ4nVokfQ6lC4qIs4nXZVQDeB54ax9Dt/EE/XIYzEbeUHLB opp8FJf6fRrh2OgNQkYHcH01MKRSHV9EWTCL4/tXnqm9Gqn9fRHbM7NAmXCEmNjf n03E8jBHAMj7zKVJAxBmmKV08qs66b1CLy+6x56iB+QeHnA9C9yoHQNzYYZTBD2G UbNfjD7uVhDlCEf1LuRflaa2S8sirfYmtfbijK2JK1WXo2dXnHQYjDjrmkKQAnd4 5W2tP+Gd6Bc2hXUv9Z/1cfNg/bsbfSkN/iLecJVWheXFWB2Cbe4r0gakcsptarMt 9Yl2pGajJXwlG7L8KSHubwHZBOaFLuVvagnelRrFsK4VNcL490VRHc4M9C24nYli xuurSJl31GM= =ni0M -----END PGP SIGNATURE-----