Microsoft pushes patch for exploited flaw in on-prem Exchange

By on
Microsoft pushes patch for exploited flaw in on-prem Exchange

Exchange Server 2013, 2016 and 2019 under attack.

Microsoft is urging Exchange Server administrators to patch their on-premises instances of the communications, calendaring and collaboration software as soon as possible, to handle a post-authentication vulnerability that is being actively exploited.

Exchange Servers running in Hybrid mode are also affected, Microsoft said in its advisory.

Users of Exchange 2013 CU23 who get patches via the Windows Server Update Services (WSUS) could see an error 0x80070643, event ID 20, in their log files.

Microsoft said it's working on fixing that error as soon as possible.

Users can run a PowerShell script to check if exploit attempts have been made against their servers:

Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }

The November Patch Wednesday updates address six critical zero day bugs, and 49 important flaws including 15 remote code execution vulnerabilities in Microsoft products.

However, the updates do not include the actively exploited Excel for macOS security feature bypass vulnerability.

A proof-of-concept for this low-complexity vulnerability has been published, but Microsoft has yet to release a security update that addresses the flaw.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?