Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.1806 June 2018 Oracle Outside In Library Security Update 20 June 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Exchange Server Publisher: Microsoft Operating System: Windows Server 2010 Windows Server 2013 Windows Server 2016 Impact/Access: Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-2768 CVE-2018-2806 CVE-2018-2801 Reference: ASB-2018.0083 ESB-2018.1716 Original Bulletin: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180010 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ******************************************************************** Title: Microsoft Security Advisory Notification Issued: June 19, 2018 ******************************************************************** Security Advisories Released or Updated on June 19, 2018 =================================================================== * Microsoft Security Advisory ADV180010 - Title: June 2018 Oracle Outside In Library Security Update - https://portal.msrc.microsoft.com/en-US/security-guidance/ advisory/ADV180010 - Reason for Revision: Information published. - Originally posted: June 19, 2018 - Updated: N/A - Version: 1.0 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at <https://technet.microsoft.com/security/dn753714>. ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>. If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: <https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>. These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: <http://www.microsoft.com/info/legalinfo/default.mspx>. This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAlsoLYQACgkQEEiO2re1 8ugclxAA0b7QLyHy4lRjPh22QckmErtExgBbzaOnSU3ss+Ro3tC6quExLZajOkAK pTmQfMQ9R7PKSvaaNb0d3WwDLzu76Xq8NLMzOgEUeFS7X5Q85GjdYOMYKATySXoM 8xKhOBhvu3+lkyt5EO/4IjUbEd/Pppr/dVdQy65kHLygjwBhe6kvXpmDrnxQLrgt EPGx6DMQ3xekhpLfL56ZfvWrJ/yCI0uuazFsBBjT2LlrNaJR3b8hyBBQc7xEUSdV jTMiZY4N34bgh1HioJALHD1n9Gb17e/GoGjgddhU7HW/jGjoyBpu/QKsYj8z3ZgA 5vnD10tqEJToccCcY/ZDTzExfSlpzAuk27WP3FDoU3t//tDVb5QohAApLdwXiJ9I dJ7GYWPzSd75DO4kQVBQcc7tVVmEHKcHgzMFJpfaGdMiYuG2ZNfiNCs1Offsi3Dg WDQSgLkRieJg2leTGoB8B9YDCouyjjBdRaQy54jzn5exNUKEosbtc3/Nzp/Mz0RP g6GGN3sLFWICXggYLsWpKuUDRvBt0im1bg4N7gJr7Ln9aY1CtDLVcBfUMdTbNwT6 zANydkP7z8vVfcB+JT45O+F+MdtdYZa2PF7r2MeV20tPVlxaXiHE4ehsVfIUvx7d 6AMakznymvL/J6wLD9uMd9GhNOGgKDDlbT+B7fUCWkLBl1bxm4g= =cFki - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWymxX2aOgq3Tt24GAQiUDRAAkxJnttIicq7y409jrO+3/DZGFfwunSXT DJAnzh5kTpR8RUWfilaMqvAS7B1p+ytP/mH2ELAp5vacO3K16X6lXhmM1IOM5ZIk 5Y39/Lgd2mKliWrcjcKLv7jEBHmp8UmGDZ1Uo0SIYL7I2nnoJB2OvC446OwPYt9C cZ3lJAymOO1kZA2oyVTWnfh6Uytax7WeHzeWDO5nxwBbSErKXiIJcQvO70zWsByD cTVwBNt0uAL2UJPSWxQ2pmBD0UZO4PlOjbPqnh4IBdNnWklyJS42xpAui4ZV5Xd4 TEEAwQTk4N6B/IBIeYkgF89Cqty5spcdJksprZLjPfnUXLrSZ+HDyzfbnDkq+skX +fHNuIRPL7tNntkIGEIIm+YZ6TjSMs5k2elmCtFA6kO3ACCP8H/N0dzC69BZAgi9 +A15TIP8mlp50VzukrpGgbJFg4WLysGDV52nQLV6/t2jpXG8HFphBSZKzsY/dV1A SFAmimcyIuCwH701vJVKijqSJOGjs1Pp06I9d74zW2n6l2rcs2IOIVHq2dmsHESC 1KE0zLdI3pCaiZMJ0hkil7Vt71XXoxlo9QnVuMdL7SihjUdFz8D/AQCUs0ujQ79A Msdga2LEuxAf7prvbMY8y3cyOewLvWALJ8BNuOxLNO9N5MXW7k6F/N16pONg2rMT XhusLIKGrOM= =MAwu -----END PGP SIGNATURE-----