Microsoft Exchange Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.

Download:

Product Link
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21

4091243

Microsoft Exchange Server 2013 Cumulative Update 19

4092041

Microsoft Exchange Server 2013 Cumulative Update 20

4092041

Microsoft Exchange Server 2013 Service Pack 1

4092041

Microsoft Exchange Server 2016 Cumulative Update 8

4092041

Microsoft Exchange Server 2016 Cumulative Update 9

4092041

Critical vulnerability in HPE Integrated Lights-out 4 (iLO 4) 2.53 and previous versions

I wrote a script to do a simple ILO upgrade.

Download the latest firmware HERE

Download HPE Powershell module HERE

Find-HPiLO XXX.XXX.XXX.XXX-(Subnet Mask) | Where {$_.FWRI -lt 2.54 -AND $_.PN -like “*iLO 4*”} | Select -ExpandProperty HOSTNAME | Out-File c:\temp\ilo4.txt
$server = get-content c:\temp\ilo4.txt
$username = “Administrator”
$ilocreds = read-host “Please enter your password”
Update-HPiLOFirmware -Server $server -username $username -password $ilocreds  -Location X:\HP\ILO\ilo4_254.bin

Exchange 2010-2016 Security Fixes

Microsoft released security updates to fix a remote code execution vulnerability in
Exchange Server. The related knowledge base article is KB4018588.

More information is contained in the following Common Vulnerabilities and Exposures articles:

  • CVE-2017-8521 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8559 – Microsoft Exchange Cross-Site Scripting Vulnerability
  • CVE-2017-8560 – Microsoft Exchange Cross-Site Scripting Vulnerability

Depending on the lifecycle status of the product, fixes are made available either through a Rollup or as a security fix for the following product levels:

As you might notice, the security fix is made available for the N-1 builds of Exchange 2013 and Exchange 2016. This could imply the issue was addressed in the latest builds of those products. I hope to receive official confirmation on this soon.

The issue is deemed Important, which means organizations are advised to apply these updates at the earliest opportunity. However, as with any update, it is recommended to thoroughly test updates and fixes prior to deploying them in a production environment.

Source

Important update for Azure Active Directory Connect – Version 1.1.553.0

Microsoft released Azure Active Directory Connect version 1.1.553.0 on June 26, 2017. More importantly, they published an important security advisory one day later.

Microsoft Security Advisory 4033453 – Vulnerability in Azure AD Connect Could Allow Elevation of Privilege explains,

The [ADD Connect version 1.1.553.0] update addresses a vulnerability that could allow elevation of privilege if Azure AD Connect Password writeback is misconfigured during enablement. An attacker who successfully exploited this vulnerability could reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts. The issue is addressed in the latest version (1.1.553.0) of Azure AD Connect by not allowing arbitrary password reset to on-premises AD privileged user accounts.

Microsoft highly recommends all customers update to version 1.1.553.0 or later to mitigate this vulnerability, even if you don’t use the optional password writeback feature. If you are unable to update immediately, the article above describes mitigation steps you can consider.

  • If the AD DS account is a member of one or more on-premises AD privileged groups, consider removing the AD DS account from the groups.
  • If an on-premises AD administrator has previously created Control Access Rights on the adminSDHolder object for the AD DS account which permits Reset Password operation, consider removing it.
  • It may not always be possible to remove existing permissions granted to the AD DS account (for example, the AD DS account relies on the group membership for permissions required for other features such as Password synchronization or Exchange hybrid writeback). Consider creating a DENY ACE on the adminSDHolder object which disallows the AD DS account with Reset Password permission using Windows DSACLS tool.

Expta

MS16-108: Security update for Exchange Server 2007/2010/2013/2016

Summary

This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In Libraries that are built into Exchange Server. This issue might occur if an attacker sends an email message with a specially crafted attachment to a vulnerable Exchange Server computer. To learn more about this vulnerability, see Microsoft Security Bulletin MS16-108.

More information about this security update

The following articles contain more information about this security update as it relates to individual product versions.

  • 3184736 MS16-108: Description of the security update for Exchange Server 2016 and Exchange Server 2013: September 13, 2016
  • 3184728 MS16-108: Update Rollup 15 for Exchange Server 2010 Service Pack 3: September 13, 2016
  • 3184711 MS16-108: Update Rollup 21 for Exchange Server 2007 Service Pack 3: September 13, 2016

MS16-010: Security update in Microsoft Exchange Server to address spoofing: January 12, 2016

This security update resolves a vulnerability in Microsoft Exchange Server that could allow information disclosure if Outlook Web Access (OWA) doesn’t handle web requests, sanitize user input and email content correctly.

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-010.

Download:
Microsoft Exchange Server 2013 Service Pack 1 (3124557)

Microsoft Exchange Server 2013 Cumulative Update 10 (3124557)

Microsoft Exchange Server 2013 Cumulative Update 11 (3124557)

Microsoft Exchange Server 2016 (3124557)

MS15-122 Security Update for Kerberos to Address Security Feature Bypass (Bitlocker)

This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.

This security update is rated Important for all supported editions of Windows. For more information, see the Affected Software section.

The update addresses the bypass by adding an additional authentication check that will run prior to a password change. For more information about the vulnerability, see theVulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3105256.

MS15-064 & Exchange 2013

Microsoft released a security update for Exchange 2013 to fix a new vulnerability. MS15-064 has a severity rating of ‘Important’.

Download the update for Exchange 2013 CU8 and Exchange 2013 SP1. More information:Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)

KEMP Releases patch for Heartbleed Vulnerability

KEMP Releases patch for Heartbleed Vulnerability – CVE-2014-0160
Versions affected – v7.0-12a, v7.0-14a
Platforms affected – All LoadMasters
To confirm vulnerability you can visit  –  http://possible.lv/tools/hb/
Patches available at the locations below based on LoadMaster model. 

To patch to this version you must be running version 6.0-42 or later. If your firmware does not meet these requirements please contact support.

URLs:      
http://downloads.kemptechnologies.com/hotfixes/7.0-14b/7.0-Patch14b-LM2400-3600-5300-5400-5500-VLM200-2000-5000.bin

http://downloads.kemptechnologies.com/hotfixes/7.0-14b/7.0-Patch14b-LM2200-2600-EX-VLM100-1000.bin

http://downloads.kemptechnologies.com/hotfixes/7.0-14b/7.0-Patch14b-VLM-AZURE.bin
Username:    7.0-14b
Password:    8A5hR/5t0FVAI5+0

Update Rollup 8 for Exchange Server 2007 SP3

Update Rollup 8 for Exchange Server 2007 SP3 resolves the issues that are described in the following Microsoft Knowledge Base articles:

2699574 Microsoft Exchange Information Store service may stop responding when you perform a search on Exchange mailboxes in an Exchange Server 2007 environment

2701037 Events 4999 and 7034 are logged and the Microsoft Exchange Information Store service crashes on an Exchange Server 2007 mailbox server

2730089 Microsoft Exchange Information Store service may stop responding when you perform a search on Exchange mailboxes in an Exchange Server 2007 environment

2732525 Outlook keeps prompting you for credentials and incorrectly connects to an out-of-site global catalog after you install Update Rollup 6 for Exchange Server 2007 SP3.

Update Rollup 8 for Exchange Server 2007 SP3 also resolves the issue that is described in Microsoft Security Bulletin MS12-058.

For more information about Security Bulletin MS12-058, click the following article number to view the article in the Microsoft Knowledge Base: 2740358 MS12-058: Vulnerability in Microsoft Exchange Server WebReady document viewing could allow remote code execution: August 14, 2012

Download

Translate »