Microsoft Exchange gets ‘better’ patch to mitigate critical bug
2023-10-10 20:03

The Exchange Team asked admins to deploy a new and "better" patch for a critical Microsoft Exchange Server vulnerability initially addressed in August.

Tracked as CVE-2023-21709 and patched during August 2023 Patch Tuesday, the security flaw enables unauthenticated attackers to escalate privileges on unpatched Exchange servers in low-complexity attacks that don't require user interaction.

"In a network-based attack, an attacker could brute force user account passwords to log in as that user. Microsoft encourages the use of strong passwords that are more difficult for an attacker to brute force," Microsoft explained.

As part of this month's Patch Tuesday, Microsoft has now released a new security update that fully addresses the CVE-2023-21709 flaw and doesn't require any additional steps.

The October 2023 Patch Tuesday security updates patched 104 flaws, 12 rated critical and three tagged as zero-day vulnerabilities actively exploited in attacks.

Microsoft refused to patch one of them, a Skype for Business Elevation of Privilege Vulnerability tracked as CVE-2023-41763 and disclosed by Dr. Florian Hauser in September 2022, until today, even though attackers can exploit it to gain access to systems on internal networks.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-exchange-gets-better-patch-to-mitigate-critical-bug/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-41763 | Unspecified vulnerability in Microsoft Skype for Business Server 2015/2019. Skype for Business Elevation of Privilege Vulnerability (network, low complexity, microsoft) | 5.3 |
| 2023-08-08 | CVE-2023-21709 | Improper Restriction of Excessive Authentication Attempts vulnerability in Microsoft Exchange Server 2016/2019. Microsoft Exchange Server Elevation of Privilege Vulnerability (network, low complexity, microsoft, CWE-307) | critical, 9.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 669 799 4411 4070 3689 12969