Today, Windows team has released the IIS fix for root cause of this vulnerability, in the form of fix for CVE-2023-36434. More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family).ĬVE-2023-21709 now has a better solution: install update for CVE-2023-36434ĭuring the release of August 2023 SUs, we recommended to use a manual or scripted solution and disable the IIS Token Cache module as a way of addressing CVE-2023-21709. Exchange Online customers are already protected from the vulnerabilities addressed by these SUs and do not need to take any action other than updating any Exchange servers or Exchange Management tools workstations in their environment. These vulnerabilities affect Exchange Server. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your environment. The October 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. SUs are available for the following specific versions of Exchange Server: Microsoft has released Security Updates (SUs) for vulnerabilities found in:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |