back to article Microsoft takes another run at closing Exchange brute-force security hole

Microsoft has issued a fresh update to address an old vulnerability affecting Exchange Server 2019 and 2016 while its online service has problems of its own. According to Microsoft, the update is another attempt at fixing CVE-2023-21709, an elevation-of-privilege vulnerability with a relatively straightforward exploitation …

  1. Pascal Monett Silver badge

    Hope springs eternal

    Given that everything old comes back again, I can't wait for all this Online malarky to be folded back into local servers.

    Because I dearly hope that CxOs will tire of relying on Borkzilla's ceaselessly failing infrastructure.

    Maybe they'll even go for something else entirely. There has to be something else than Exchange in this world, no ?

    Please ?

    1. Lee D Silver badge

      Re: Hope springs eternal

      You need to come up with a catchy name first, some sort of "local cloud" pun.

      "Run your own Drizzle server" or something like that.

      1. katrinab Silver badge

        Re: Hope springs eternal

        I think they call it “Edge computing”?

    2. jpennycook

      Re: Hope springs eternal

      Hopefully someone will need my Lotus Domino and Notes skills before I completely forget them. R5 was almost usable by end users.

      1. Kevin Johnston

        Re: Hope springs eternal

        I always considered it a shame that people were happy to write really complex applications for their business needs but would use the sample user mail template 'out of the box' and then whinge it was too clumsy/ugly.....Well write your own then, it is actually very very simple

  2. 43300 Silver badge

    The service health pages in M36x are reporting that the issue has now been resolved.

    And on the subject of Patch Tuesday emissions, has anyone else noticed that this month's has delivered some nag icons to Windows Server 2022 - start menu and system tray - to try to get you to enrol the devices in Azure Arc?

    So far as I can see it is only the 2022 version (not 2016 and 2019), and the icons only appear if the Windiws instance is running on-prem (bare meta or VM). Doesn't appear in Azure VMs, as would be expected. No idea what happens with those on other cloudy platforms.

    1. Anonymous Coward
      Anonymous Coward

      Is that in the Security Only updates?

      1. 43300 Silver badge

        Not actually sure - I didn't check which specific update dumped it there, other than that it was one of this Tuesday's batch.

        1. 43300 Silver badge

          Just to add, looks like it's this one:

          Found a site with some screenshots here:

          1. katrinab Silver badge

            Remove-WindowsFeature AzureArcSetup

            followed by a reboot seems to take care of it.

            1. 43300 Silver badge

              Yeah, it does - I've just been testing as well!

    2. NoneSuch Silver badge

      "Microsoft, in its note on the issue, said the root cause of the outage was: "A recent service update, applied to a section of infrastructure responsible for enforcing IP address anti-spam rules, contains a change which is inadvertently causing impact."

      Make of that what you will, and the use of the word "inadvertently."

      "Inadvertently" - Another anonymous MS Engineer applied another Powershell script he shouldn't have. Why have on-prem where you can run your own systems in a stable manner when you can pay Microsoft to f*** up your core contact with clients monthly?

      1. 43300 Silver badge

        A recent service update, recent code change, etc - nearly every day there are advisories like this from MS!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like