Microsoft pushes patch for exploited flaw in on-prem Exchange

Exchange Server 2013, 2016 and 2019 under attack.

Microsoft is urging Exchange Server administrators to patch their on-premises instances of the communications, calendaring and collaboration software as soon as possible, to address a post-authentication vulnerability that is being actively exploited.

Exchange Servers running in Hybrid mode are also affected, Microsoft said in its advisory.

Users of Exchange 2013 CU23 who get patches via the Windows Server Update Services (WSUS) could see an error 0x80070643, event ID 20, in their log files.

Microsoft said it's working on fixing that error as soon as possible.

Users can run a PowerShell script to check if exploit attempts have been made against their servers:

Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }
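
The same check extended to several servers, as an added example that is not from Microsoft's advisory or the original article. It goes beyond the single-server command by separating "no matching events" from "the check could not run", so an unreachable server is not mistaken for a clean one. The server names are placeholders.

```powershell
# Added example: sweep several Exchange servers for the error the
# one-liner above looks for. Server names are placeholders (assumption).
$Servers = @('EXCH01.example.internal', 'EXCH02.example.internal')

# Same criteria as the command above: Application log, source
# "MSExchange Common", error-level entries.
$Filter = @{
    LogName      = 'Application'
    ProviderName = 'MSExchange Common'
    Level        = 2   # 2 = Error
}

$Results = foreach ($Server in $Servers) {
    try {
        $Hits = @(Get-WinEvent -ComputerName $Server -FilterHashtable $Filter -ErrorAction Stop |
            Where-Object { $_.Message -like '*BinaryFormatter.Deserialize*' })
        $Status = 'Checked'
    }
    catch {
        $Hits = @()
        # Get-WinEvent raises an error when nothing matches the filter;
        # treat that as a clean result and anything else as a failed check.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            $Status = 'Checked'
        }
        else {
            $Status = "Failed: $($_.Exception.Message)"
        }
    }

    # One summary row per server, with the time range of any hits.
    [pscustomobject]@{
        Server    = $Server
        Status    = $Status
        HitCount  = $Hits.Count
        FirstSeen = ($Hits | Sort-Object TimeCreated | Select-Object -First 1).TimeCreated
        LastSeen  = ($Hits | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
    }
}

$Results | Format-Table -AutoSize
```

A row with Status "Checked" and HitCount 0 means the log was read and held no matching errors; a "Failed" row means that server still needs to be checked.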

The November Patch Wednesday updates address six critical zero-day bugs and 49 important flaws, including 15 remote code execution vulnerabilities in Microsoft products.

However, the updates do not include the actively exploited Excel for macOS security feature bypass vulnerability.

A proof-of-concept for this low-complexity vulnerability has been published, but Microsoft has yet to release a security update that addresses the flaw.

Copyright © iTnews.com.au. All rights reserved.