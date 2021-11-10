Microsoft pushes patch for exploited flaw in on-prem Exchange

By on
Microsoft pushes patch for exploited flaw in on-prem Exchange

Exchange Server 2013, 2016 and 2019 under attack.

Microsoft is urging Exchange Server administrators to patch their on-premises instances of the communications, calendaring and collaboration software as soon as possible, to handle a post-authentication vulnerability that is being actively exploited.

Exchange Servers running in Hybrid mode are also affected, Microsoft said in its advisory.

Users of Exchange 2013 CU23 who get patches via the Windows Server Update Services (WSUS) could see an error 0x80070643, event ID 20, in their log files.

Microsoft said it's working on fixing that error as soon as possible.

Users can run a PowerShell script to check if exploit attempts have been made against their servers:

Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }

The November Patch Wednesday updates address six critical zero day bugs, and 49 important flaws including 15 remote code execution vulnerabilities in Microsoft products.

However, the updates do not include the actively exploited Excel for macOS security feature bypass vulnerability.

A proof-of-concept for this low-complexity vulnerability has been published, but Microsoft has yet to release a security update that addresses the flaw.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
excel exchange server microsoft security software vulnerabilities

Sponsored Whitepapers

5 challenges to keeping application environments secure
5 challenges to keeping application environments secure
How Tomago made SAP HANA sing
How Tomago made SAP HANA sing
Save up to 10% on your public cloud costs
Save up to 10% on your public cloud costs
Build a strong foundation for security and compliance with digital document processes
Build a strong foundation for security and compliance with digital document processes
The ultimate guide to customer IAM
The ultimate guide to customer IAM

Events

Most Read Articles

NBN Co offers to upgrade up to 6000 FTTN customers from this month

NBN Co offers to upgrade up to 6000 FTTN customers from this month
WA Health CIO resigns just 10 months in

WA Health CIO resigns just 10 months in
Telstra to open its 5G-powered internet service to more users

Telstra to open its 5G-powered internet service to more users
ANZ Banking Group shows off its 'API Mesh'

ANZ Banking Group shows off its 'API Mesh'

Digital Nation

Case Study: Customer Loyalty, channel harmonisation bolstered Country Road through the pandemic
Case Study: Customer Loyalty, channel harmonisation bolstered Country Road through the pandemic
Digital transformation delivers a great lurch forward, and a reckoning on purpose
Digital transformation delivers a great lurch forward, and a reckoning on purpose
Australia's international student applications crash, while US, UK and Canada surge
Australia's international student applications crash, while US, UK and Canada surge
"Kill all you see." The tragic, real world consequences of Facebook&#8217;s algorithms
"Kill all you see." The tragic, real world consequences of Facebook’s algorithms
Cover Story: How the best run global supply chains mitigate pandemic chaos
Cover Story: How the best run global supply chains mitigate pandemic chaos

Log In

Email:
Password:
  |  Forgot your password?