Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0158 Microsoft Exchange Server: Remote Code Execution Vulnerability 9 September 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Exchange Server Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-16875 Member content until: Friday, October 9 2020 OVERVIEW Microsoft has released its monthly security patch update for the month of September 2020. This update resolves 1 vulnerabilities across the following products: [1] Microsoft Exchange Server 2016 Cumulative Update 16 Microsoft Exchange Server 2016 Cumulative Update 17 Microsoft Exchange Server 2019 Cumulative Update 5 Microsoft Exchange Server 2019 Cumulative Update 6 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2020-16875 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1]. KB4577352 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX1guWeNLKJtyKPYoAQi2Ng/9Hty5XgONWABU09DQb6kY9ZrX9InqcIcW Iz4phIIqpUceVNO4Wu4RLv3Qnyl703pDsSTaQXgy9PmRl8BssYrmQSJ5o3IkxJVr 2ERH57XouHNpD3bjr0WnQo+C44BOgEDqlK0p2JMEMU5kVEidw0RVVeNEfLy57Ywh iDffXuJv62aS0o7jTL8Vea2Yx6JjslydbdOZQfs99mHTXzoc5jFzN8wu3Wi33s1q W2eyJm3oLwvTN0galR8RO7eGHXMCBnV/Jkg8Mjo+xB8ms4LM25TYp54puGSnSOzi XifEkzRDhXS7VRP6gD6VWA0fbA4nsIhW3FxH3oOrUVhb8XNO5VnAbnlXe228mbCZ MK+sUfKAVzwM0KQXbywL356cUEAx/M083vivTKyrfBflIswCKBfaJke/cD938sKu KH6SwXbQ+MfQfJHTI8d/5UsLVYr+t7kWfjJns+B3sxWP0CrKj6rzEMo5xaXcWbit 5jiC+99HyZr8iOSPT1n2zd5pE0vGzlCTh0Xo3jdTOwGqBVlREgmfxM9cXvMjbIUJ 2XjINrZ5OM1lrJQ9dWJSik+TH0mXMpVcWRH6mhj6Jr0HsFch0U36i9IW6IINK6Fh 8U3xmeFfaqR1qP1BFiRRKgXzgQWVwadY6mxk8oN5uTesVB9ISDLbh9HQjoW0XWCr TtHhSSUtZxM= =JPVF -----END PGP SIGNATURE-----