Please review that blog post for details and timelines and read AES256-CBC support for Microsoft 365 documentation. If you do not know what that is, Exchange Online CBC encryption changes should not apply to you:Īs announced in the Encryption algorithm changes in Microsoft Purview Information Protection blog post, Exchange Server August 2023 SUs contain updates that enable customers who use Exchange Server on-premises to continue decrypting content protected by Purview sensitivity labels or Active Directory Rights Management Services. This section applies only to our customers who use Exchange Server and either Azure or AD Rights Management Service (RMS). Support for change of default encryption algorithm in Microsoft Purview Information Protection We recommend updating to August SU first and then running the script. We have validated the script and CVE resolution on supported versions of Exchange Server only. The script and its documentation can be found here. To address CVE-2023-21709, administrators must perform additional actions and can run the CVE-2023-21709.ps1 script that we have released. More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family). Exchange Online customers are already protected from the vulnerabilities addressed by these SUs and do not need to take any action other than updating any Exchange servers or Exchange Management tools workstations in their environment. These vulnerabilities affect Exchange Server. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your environment. The August 2023 SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. SUs are available for the following specific versions of Exchange Server (download links are updated for re-released SUs): Microsoft has released Security Updates (SUs) for vulnerabilities found in: If you did not install August SUs yet, please do so now. They were all addressed in our August 2023 SU (more information here). Update : As a part of the September 2023 "Patch Tuesday" we have released a few more Exchange Server CVEs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |