Microsoft Exchange Server is software that acts as an email server as well as a tool for managing corporate communications. It is designed to allow users to send and receive emails, manage calendars, contacts and tasks, as well as provide a variety of collaborative and resource management features within an organization.
On the August 2023 patch day, Microsoft shipped a security update for Exchange Server installations which, however, requires further intervention. The vulnerability in question is known as CVE-2023-21709: an unauthenticated attacker can leverage the flaw in Exchange Server to gain elevated privileges. The attack is of low complexity and does not require any user interaction.
The attack is carried out over the network and gives cybercriminals the opportunity to brute-force user account passwords and impersonate other users. For this reason, Microsoft encourages Exchange Server users to use complex passwords, which are more difficult to defeat with brute-force attacks.
A halfway patch for Exchange Server
When it released the patch for the CVE-2023-21709 vulnerability in August 2023, Microsoft specified that, to correct the security problem, IT administrators would have to manually remove the vulnerable Windows IIS Token Cache module or use a PowerShell script. Only by carrying out one of these two additional steps would vulnerable Exchange Server systems be effectively protected against known exploits.
Microsoft releases a better fix for Exchange Server systems
Coinciding with the October 2023 patch day, Microsoft released a new update for Exchange Server that completely resolves the CVE-2023-21709 issue and does not require any additional intervention.
The new corrective patch for Microsoft IIS (CVE-2023-36434), released in October 2023, resolves one of the security issues affecting Exchange Server. Once the corrective update has been installed, the Redmond company continues, it is possible to re-enable the Token Cache module on Exchange servers.
What is IIS Token Cache and how to reactivate it
When a request is made to the server, the security credentials associated with the request (or the anonymous user information) are automatically used to create a user token. The server uses this user token when accessing files or other system resources. The token is stored in the so-called Token Cache, so that a logon is only required the first time the user accesses the system or after the user's token has been removed from the cache.
In cases where the cache does not contain a token for the incoming request, IIS must call the lsass.exe process to get a valid token. This operation is expensive from a performance and scalability point of view. So, after applying Microsoft's October patch for IIS, you can re-enable Token Cache.
To re-enable Token Cache, simply open a PowerShell window with administrator rights and type the following:
New-WebGlobalModule -Name "TokenCacheModule" -Image "%windir%\System32\inetsrv\cachtokn.dll"
For administrators who have yet to apply the August patch for the CVE-2023-21709 vulnerability, Microsoft recommends simply installing the October 2023 security updates for Windows Server, without taking any further steps.
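The re-enable step above is only safe once the IIS fix is installed, so it is worth gating the command on that check. The following script is an added example, not Microsoft's script or code from the original article: it registers TokenCacheModule only when one of the update IDs passed in `-FixKb` is present and the module is not already registered. The `-FixKb` parameter is an assumption of this example; the article gives no KB number, so the operator must take it from Microsoft's advisory for CVE-2023-36434 for the server's Windows build.

```powershell
#Requires -RunAsAdministrator
# Added example (not Microsoft's script): re-register TokenCacheModule only
# when an update containing the CVE-2023-36434 fix is installed.
param(
    # Assumption: KB id(s) supplied by the operator from Microsoft's advisory
    # (the October 2023 update for this OS build, or a later cumulative update
    # that includes it). The article does not list a KB number.
    [Parameter(Mandatory)]
    [string[]]$FixKb
)

$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

$name  = 'TokenCacheModule'
$image = '%windir%\System32\inetsrv\cachtokn.dll'   # value from the article

# 1. Refuse to re-enable the module on a server that lacks the fix.
$installed = Get-HotFix | Where-Object { $FixKb -contains $_.HotFixID }
if (-not $installed) {
    throw "None of [$($FixKb -join ', ')] is installed; leaving $name disabled."
}

# 2. Idempotence: do nothing if the module is already registered.
$existing = Get-WebGlobalModule | Where-Object { $_.Name -eq $name }
if ($existing) {
    Write-Output "$name is already registered ($($existing.Image)); nothing to do."
    return
}

# 3. The DLL must exist before IIS is told to load it.
$dll = [Environment]::ExpandEnvironmentVariables($image)
if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
    throw "Module image not found: $dll"
}

# 4. Register the module, then confirm that IIS now lists it.
New-WebGlobalModule -Name $name -Image $image | Out-Null
if (-not (Get-WebGlobalModule | Where-Object { $_.Name -eq $name })) {
    throw "$name was not registered; check applicationHost.config."
}
Write-Output "$name re-enabled; fix present via $($installed.HotFixID -join ', ')."
```

Get-HotFix only reports updates that Windows lists individually, so if a newer cumulative update has replaced the October 2023 one, pass that newer update's ID instead.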