Malwarebytes blog, MALWAREBYTES:3D1E25F034EE144A2D4C3D7F4D0C2B6C
Aug 18, 2023 - 11:45 a.m.

Exchange Server security updates updated

www.malwarebytes.com

CVSS3: 9.8 High
Attack Vector: NETWORK, Attack Complexity: LOW, Privileges Required: NONE, User Interaction: NONE, Scope: UNCHANGED, Confidentiality Impact: HIGH, Integrity Impact: HIGH, Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK, Access Complexity: LOW, Authentication: NONE, Confidentiality Impact: PARTIAL, Integrity Impact: PARTIAL, Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.003 Low (percentile 68.2%)

Microsoft has re-released the August 2023 Security Updates (SUs) for Exchange Server. The original release of the SUs, from August 8, 2023, had a localization issue on Exchange Servers running on non-English operating systems (OSes) that caused Setup to stop unexpectedly, leaving Exchange services in a disabled state.

Exchange Online users are already protected from the vulnerabilities addressed by these Security Updates and do not need to take any action other than updating any Exchange servers or Exchange Management tools workstations in their environment.

This patch comes with a complicated table of recommended actions, in which version 1 is the original August 2023 SU and version 2 is the re-released August 2023 SU. Microsoft says:

  • If you successfully installed version 1 without problems, no further action is needed.
  • If you installed version 1 automatically without any problems or issues, version 2 will be downloaded automatically.
  • If the installation of version 1 failed, leaving Exchange services disabled, and you restarted the Exchange services without installing version 1 again, you should install version 2.
  • If the installation of version 1 failed, leaving Exchange services disabled, you restarted the Exchange services, and you used the workaround to manually create a "Network Service" account and then installed version 1, you should:
    • Uninstall version 1 and reboot.
    • Remove the manually created "Network Service" account (if it still exists).
    • Install version 2.

If version 1 was never installed, you can skip straight to version 2. Although there is no reason to suspect there are active exploits in the wild, we still recommend doing this as soon as possible to protect your environment. Exchange Servers are attractive targets for cybercriminals.

The vulnerability fixed by the security update, listed as CVE-2023-21709, required users to run a script in addition to installing the update. If you took the extra steps needed to address CVE-2023-21709, none of the actions above will undo them, so you do not have to repeat or undo them at any point. But again, if you haven't done it yet, you should do so as soon as possible.

