Shulou(Shulou.com)06/02 Report--

Part one: problems solved by CU26

Microsoft's Exchange was previously exposed to a * * F vulnerability numbered as CVE-2018-8581. This CVE can result in the following two * scenarios:

* * solution 1: * * users take over the inbox of anyone in the network if they have a mailbox permission on the target network, resulting in serious information disclosure.

* * solution 2: * * users can take advantage of this vulnerability to directly control the Windows domain in the target network and then control all Windows machines in the domain.

Microsoft officially released mitigation measures a few months ago to try to fix scenario 1, which was assessed by A-TEAM and found a problem (which was subsequently assigned a new vulnerability number CVE-2019-0686) and submitted to Microsoft's official SRC along with scenario II (which was subsequently assigned vulnerability number CVE-2019-0724). Recently, Microsoft officially released a new security patch to fully fix CVE-2018-8581, CVE-2019-0686 and CVE-2019-0724, and exclusively thanked 360 A-TEAM in its official documentation.

Https://mp.weixin.qq.com/s/A138Bn5KLklRlb-Z_vodyg

Today, Microsoft released a security update to the previous Exchange security vulnerability, CVE-2018-8581, as scheduled. In this update, after a thorough evaluation and testing, the product group decides to adjust the architecture of the EWS Push Notification function, disabling authentication when initiated by the server, and only anonymous authentication is allowed. If you have an application that uses EWS Push notification, please pay attention to testing it. For more information about this patch update, please refer to the official BLOG article:

Https://blogs.technet.microsoft.com/exchange/2019/02/12/released-february-2019-quarterly-exchange-updates/

Part 2: here are the specific steps for installing CU26

First download and copy the CU patch to the Exchange 2010 server. My installation order of Exchange 2010 in POC environment is: first CAS+HUB, then MBX; first main site, then disaster recovery site.

Https://support.microsoft.com/zh-cn/help/4487052/update-rollup-26-for-exchange-server-2010-service-pack-3

The following three links are for Exchange 2013 / 2016 / 2019

Https://support.microsoft.com/zh-cn/help/4345836/cumulative-update-22-for-exchange-server-2013

Https://support.microsoft.com/zh-cn/help/4471392/cumulative-update-12-for-exchange-server-2016

Https://support.microsoft.com/zh-cn/help/4471391/cumulative-update-1-for-exchange-server-2019

After the download is complete, copy the patch to the POC environment, press and hold the keyboard shift key, right-click the patch and select "copy as path", as shown in the figure.

Then open CMD as an administrator, paste the path and enter to execute, as shown in the figure.

Select Next, as shown in the figure.

Choose to accept the license terms, as shown in the figure.

Continue selecting Next, as shown in the figure.

Start the installation, as shown.

The installation is complete, prompting you to restart the system, as shown in the figure.

When all CU installations are complete, you need to check whether the following items are normal (basic check):

0) check whether the version number is correct

The first way is to open the local powershell of exchange and run the following command to view

The second way is to view the versions of all servers in EMS

Get-ExchangeServer | Sort-Object Name | ForEach {Invoke-Command-ComputerName $_ .Name-ScriptBlock {Get-Command ExSetup.exe | ForEach {$_ .FileVersionInfo} | Format-Table-Auto

For more information about the version number of each CU version of exchange 2010, please see:

Exchange Server build number and release date | Microsoft Docs https://docs.microsoft.com/zh-cn/Exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019

1) Open services.msc to check whether the local exchange service is working (pay attention to the form service)

2) check whether the front-end IIS service is working.

3) check whether the transceiver and configuration of OWA, outlook and mobile email are normal

4) View backend DAG replication status, database mount status, queue status, etc.

5) View cluster status, PAM, witness, etc.

6) check the event Viewer to ensure that no new error is generated

Part III: problems encountered

1) when installing CU26 at the backend, you are prompted to install C++ 2013 first.

Download address: https://www.microsoft.com/zh-CN/download/details.aspx?id=40784

For more information, please follow the author's official Wechat account.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.