Microsoft has to roll out a patch for Exchange for the second Tuesday in a row. The first update didn’t seem to work properly on non-English operating systems.

August 15 was not a day off for Microsoft’s security teams. The second Tuesday of the month is traditionally Patch Tuesday at Microsoft, which is why Microsoft rolled out a security update for Exchange last week. Since it wasn’t working as it should, Microsoft now had to release an update on the third Tuesday of the month as well.

In the original version, Microsoft briefly forgot that there were other languages ​​besides English. Installation aborted unexpectedly on Exchange servers with non-English operating systems. Microsoft is now releasing a second version of the security update. For the sake of clarity, this is not a cumulative but an additional update. Anyone who was able to successfully install the first version has until the second Tuesday in September.

The update provides protection against the CVE-2023-21709 vulnerability. The rating is 9.8 on a scale of 10, indicating a high level of seriousness. Attackers who successfully exploited the vulnerability could log into the victim’s Microsoft account. In other words: It is advisable to implement the update quickly, regardless of the language.

Under fire

Microsoft has its hands full to close vulnerabilities in Exchange. The mail server is often a popular target for hackers who want to conduct a spy attack because it provides direct access to a person’s mail traffic. This was the case recently with a Chinese hacker espionage scandal that caused a stir, especially on the other side of the Atlantic.

Microsoft has been criticized from several quarters for being too lax about the vulnerability that the attackers were able to exploit. The fact that only companies with the most expensive Enterprise subscription have the resources to detect the attack further fueled the fire. Microsoft can no longer afford to leak Exchange.