{"id":13450,"date":"2020-03-02T00:39:50","date_gmt":"2020-03-01T23:39:50","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=13450"},"modified":"2021-12-17T18:36:51","modified_gmt":"2021-12-17T17:36:51","slug":"exchange-server-2013-issue-with-security-update-kb4536988","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/03\/02\/exchange-server-2013-issue-with-security-update-kb4536988\/","title":{"rendered":"Exchange Server 2013: Issue with Security Update KB4536988"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2012\/07\/Office1.jpg\" width=\"55\" align=\"left\" height=\"60\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/03\/02\/exchange-server-2013-problem-mit-sicherheitsupdate-kb4536988-feb-2020\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]When you install security update KB4536988 (Feb. 2020) to close the vulnerability CVE-2020-0688, Exchange Server 2013 may experience an issue that was described a year ago in Exchange Server 2016. <\/p>\n<p><!--more--><\/p>\n<h2>Security Update KB4536988 (Feb. 2020)<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg08.met.vgwort.de\/na\/da622b937d8b45e49ad0e902bd625c1c\" width=\"1\" height=\"1\">On February 11, 2020, Microsoft released security update <a href=\"https:\/\/support.microsoft.com\/help\/4536988\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4536988<\/a> for Microsoft Exchange Server 2013. This is an update rollup that is intended to fix the following vulnerabilities in Microsoft Exchange. <\/p>\n<ul>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2020-0692\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-0692 | Microsoft Exchange Server Elevation of Privilege Vulnerability<\/a>\n<li><a href=\"https:\/\/web.archive.org\/web\/20201101012639\/https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0688\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability<\/a><\/li>\n<\/ul>\n<p>This update also fixes the following issue: <a href=\"https:\/\/support.microsoft.com\/de-de\/help\/4540267\" target=\"_blank\" rel=\"noopener noreferrer\">4540267<\/a> Crash of MSExchangeDelivery.exe or EdgeTransport.exe in Exchange Server 2013 and Exchange Server 2010 This security update should be installed in a timely manner because there are attacks against unpatched Exchange Servers (see links at the end of this article).  <\/p>\n<h2>Issues with Update Installation<\/h2>\n<p>However, the update is not without its challenges for Exchange administrators. In the blog post <a href=\"https:\/\/borncity.com\/win\/2020\/02\/15\/exchange-server-2013-mail-issues-after-update\/\">Exchange Server 2013 Mail issues after Feb. 2020 Update<\/a> I had already reported about issues a reader got after installing the update. Doesn't seem to be an isolated case. <\/p>\n<p>In addition, <a href=\"https:\/\/support.microsoft.com\/help\/4536988\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4536988<\/a> already lists some known issues. Double-clicking in 'normal mode' will not install all files. The administrator must start the update by clicking Run as administrator to run it.  <\/p>\n<h2>Another issues with this update<\/h2>\n<p>At the weekend I came across the tweet of blog reader Karl, which points out another problem.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/MSFTExchange?ref_src=twsrc%5Etfw\">@MSFTExchange<\/a> installing the KB patch to close <a href=\"https:\/\/twitter.com\/hashtag\/CVE?src=hash&amp;ref_src=twsrc%5Etfw\">#CVE<\/a>-20200688 on Exch Server 2013 CU23 \/ .Net 4.8 might spawn an issue found in Exch Server 2016<br \/>ECP \/ OWA affected.<a href=\"https:\/\/twitter.com\/hashtag\/pqtchday?src=hash&amp;ref_src=twsrc%5Etfw\">#pqtchday<\/a><br \/>Are you aware of this? <br \/>Workaround :<a href=\"https:\/\/t.co\/KawwHaAh0i\">https:\/\/t.co\/KawwHaAh0i<\/a><\/p>\n<p>\u2014 al Qamar (Karl Wester-Ebbinghaus) (@tweet_alqamar) <a href=\"https:\/\/twitter.com\/tweet_alqamar\/status\/1234017460933857280?ref_src=twsrc%5Etfw\">March 1, 2020<\/a><\/p><\/blockquote>\n<p><span id=\"preservec665249ccdac4d4182e583b7bf33a639\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>Attempting to install security update <a href=\"https:\/\/support.microsoft.com\/help\/4536988\/\" target=\"_blank\" rel=\"noopener noreferrer\">KB4536988<\/a> to close the CVE-2020-0688 vulnerability on an Exchange Server 2013 CU23 with .NET Framework 4.8 may result in a server failure in applications such as OWA or ECP. There an error message of type:<\/p>\n<blockquote>\n<p>The file or assembly \"Microsoft.Exchange.Common, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35\u2033 or a dependency on it was not found. The system cannot find the specified file\" and OWA \"<\/p>\n<p>:-( Something didn't work out.<br \/>Your request could not be completed. HTTP status code: 500.<\/p>\n<\/blockquote>\n<p>Frank Z\u00f6chling has published a year ago a German blog post <a href=\"https:\/\/www.frankysweb.de\/exchange-2016-serverfehler-in-anwendung-owa-und-oder-ecp\/amp\/\" target=\"_blank\" rel=\"noopener noreferrer\">Exchange 2016: Serverfehler in Anwendung (OWA und\/oder ECP)<\/a>. It describes exactly this error with Microsoft Exchange Server 2016 including a workaround. On Twitter I saw that a concerned person writes that the workaround of Frank helps. <\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2020\/02\/28\/attack-to-unpatched-exchange-servers-cve-2020-0688\/\">Attack to unpatched Exchange Servers (CVE-2020-0688)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/02\/27\/security-information-for-linux-and-exchange\/\">Security information for Linux and Exchange<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/02\/15\/exchange-server-2013-mail-issues-after-update\/\">Exchange Server 2013 Mail issues after Feb. 2020 Update<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]When you install security update KB4536988 (Feb. 2020) to close the vulnerability CVE-2020-0688, Exchange Server 2013 may experience an issue that was described a year ago in Exchange Server 2016.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,11,580,1547,22],"tags":[1692,2306,69,195],"class_list":["post-13450","post","type-post","status-publish","format-standard","hentry","category-issue","category-office","category-security","category-software","category-update","tag-exchange-server","tag-kb4536988","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=13450"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13450\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=13450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=13450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=13450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}