Two vulnerabilities in Exchange Server 2016 and Exchange Server 2019 are closed with corresponding security updates. These are the two vulnerabilities in question:
- CVE-2019-1233Microsoft Exchange Denial of Service Vulnerability
- CVE-2019-1266Microsoft Exchange Spoofing Vulnerability
Both vulnerabilities have the rating "Important". Details on the vulnerabilities can be found under the links above. The updates for the corresponding Exchange versions can be downloaded directly here:
- Exchange Server 2019 CU2
- Exchange Server 2019 CU1
- Exchange Server 2016 CU13
- Exchange Server 2016 CU12
Note: The updates relate to the respective CU level of the Exchange Server. This does not mean that the vulnerability is not present in earlier versions. Microsoft only supports the current CU and the previous CU. For example, there are updates for Exchange 2016 CU13 and CU12, but none for Exchange 2016 CU11. The corresponding current CU must therefore be installed first. Once the CU has been installed, the security updates must then be installed.
– Exchange2016-KB4515832-x64-en erfolgreich auf CU12 installiert!
– Dienst HostControllerService ist nach dem Neustart auf Status Startup type: Disabled!
– Der Dienst kann aber problemlos gestartet werden!
Aha, wie praktisch – denn es gibt ja das hier:
https://www.frankysweb.de/exchange-2016-serverfehler-in-anwendung-owa-und-oder-ecp/
Merci!
Upps – nach der Installation des Patches auf einem 2016-Server mit Ex2016 geht OWA nicht mehr.
Nur noch die Anmeldung, dann kommt das:
:-(
Something went wrong
Your request couldn’t be completed. HTTP Status code: 500.
X-ClientId: 7C1AD9545DE24A8A9849E160D59C9017
request-id cc7b54bc-a5ef-4963-93e5-941c1daf6995
X-OWA-Error System.Web.HttpUnhandledException
X-OWA-Version 15.1.1779.5
X-FEServer XSERVER
X-BEServer XSERVER
Date:17/09/2019 05:56:41
InnerException: System.IO.DirectoryNotFoundException