===========================================================================
AUSCERT Security Bulletin

ASB-2022.0005
Microsoft Patch Tuesday update for Exchange Server for January 2022
12 January 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Microsoft Exchange Server 2013
                   Microsoft Exchange Server 2016
                   Microsoft Exchange Server 2019
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-21969 CVE-2022-21855 CVE-2022-21846

OVERVIEW

Microsoft has released its monthly security patch update for the month of
January 2022.

This update resolves 3 vulnerabilities across the following products: [1]

  Microsoft Exchange Server 2013 Cumulative Update 23
  Microsoft Exchange Server 2016 Cumulative Update 21
  Microsoft Exchange Server 2016 Cumulative Update 22
  Microsoft Exchange Server 2019 Cumulative Update 10
  Microsoft Exchange Server 2019 Cumulative Update 11

IMPACT

Microsoft has given the following details regarding these vulnerabilities.

  Details          Impact                  Severity
  CVE-2022-21846   Remote Code Execution   Critical
  CVE-2022-21855   Remote Code Execution   Important
  CVE-2022-21969   Remote Code Execution   Important

MITIGATION

Microsoft recommends updating the software with the version made available
on the Microsoft Update Catalogue for the following Knowledge Base
article. [1].

  KB5008631

REFERENCES

[1] Microsoft Security Update Guidance
    https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.

The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

AusCERT personnel answer during Queensland business hours, which are
GMT+10:00 (AEST). On call after hours for member emergencies only.
===========================================================================