The Exchange Asks Administrators to Establish a New Correction for Critical Microsoft Exchange Server Vulnerability
The Exchange asks administrators to establish a new correction for the critical vulnerability of Microsoft Exchange Server, which was first eliminated in August.
Vulnerability designated as cve-2023-21709 and corrected in August of this year, within the framework of one of the past “Tuesdays”, it allows non-refracted attackers to strengthen their privileges on unprotected Exchange.
“During a network attack, an attacker can hack the user account for entering the system under this name. Microsoft encourages the use of reliable passwords that it is more difficult for the attacker to hack,” the company explained.
Despite the released security updates, Microsoft has also notified Exchange administrators about the need for a vulnerable Windows IIS Token Cache module manually or using a special PowerShell script to protect its servers from attacks.
In the last Patch Tuesday of October 10, Microsoft released a new security update (CVE-2023-36434), which completely eliminates the vulnerability of CVE-2023-21709 without the need to perform additional actions.
“Today, the Windows team has released the correction for IIS, which eliminates the root cause of this vulnerability,” said Exchange.
The administrators who have previously deleted the Windows IIS Token Cache module will now have to install the latest security updates, and then turn on the IIS module using this command in PowerShell (with increased rights):
New -Webglobalmodule -Name Tokencamhemodule “-image”%Windir% System32 IntSRV CACHTOKN.DLL “
Those administrators who have not yet installed safety updates from August must necessarily install Windows Server security updates for October.
“We make updates to all the documentation and scripts associated with August 2023, as well as a means of verification of performance to reflect our new recommendation,” added Microsoft.
The latest security updates in the framework of Patch Tuesday or the so-called “Tuesday of corrections” for October this year eliminated 104 vulnerability, of which 12 are evaluated as critical, and 3 more are marked as zero-day, actively used in real attacks.
It is noteworthy that Microsoft