-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0158
      Microsoft Exchange Server: Remote Code Execution Vulnerability
                             9 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Exchange Server
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-16875  
Member content until: Friday, October  9 2020

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of September 2020.
        
        This update resolves 1 vulnerability across the following products:
        [1]
        
         Microsoft Exchange Server 2016 Cumulative Update 16
         Microsoft Exchange Server 2016 Cumulative Update 17
         Microsoft Exchange Server 2019 Cumulative Update 5
         Microsoft Exchange Server 2019 Cumulative Update 6


IMPACT

        Microsoft has given the following details regarding this vulnerability.
        
         Details         Impact                   Severity
         CVE-2020-16875  Remote Code Execution    Critical


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base article. [1]
        
         KB4577352


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----