Nessus Says "Security Updates for Exchange (Jun 2018)" in Exchange 2016 (CU17) High Vulnerability

Sathishkumar Singh 386 Reputation points
2021-02-22T08:24:18.203+00:00

Hello Support,

My Exchange Server 2016 (CU17)
When I run the Nessus tool, it says "Security Updates for Exchange (Jun 2018)"

https://www.tenable.com/plugins/nessus/110642

How do I fix this issue without any impact?


2 answers

  1. Cheong00 3,446 Reputation points
    2021-02-22T10:05:36.933+00:00

    Unlike your previous question on disabling plaintext login on POP3, to fix this vulnerability you have to install patches from Microsoft, and that always involves the risk of breaking things. (Especially when KB4295699 is an update rollup that includes multiple updates.)

    The only advice I can give you is to set up a test installation (by cloning the production server) in an isolated environment, then install the update, test various functions, and see if anything breaks.

    However, a quick search on KB4295699/KB4099855/KB4099852 didn't return any outcry about failures, so if the patch can be installed it should be safe.

    ======

    Btw, the next time you see issues returned by Nessus, why don't you try to do your homework to decide whether you should install the fix or not? IMO this is what your employer pays your salary for. Setting up a test environment, planning ahead for test cases to be included, validating updates, and planning how to execute the updates are all essential skill sets for MIS staff.


  2. Kael Yao-MSFT 26,391 Reputation points Microsoft Vendor
    2021-02-23T03:14:50.43+00:00

    Hi, @SathishkumarSingh-0068

    According to the link, your Exchange server should install:
    KB4295699 (Update Rollup 22 for Exchange Server 2010 Service Pack 3)
    KB4099855 (Cumulative Update 21 for Exchange Server 2013)
    KB4099852 (Cumulative Update 10 for Exchange Server 2016)

    And since you are using Exchange 2016, it may be indicating that you should install KB4099852 (upgrade to CU10).

    However, CU10 is an earlier version than your current version (CU17).
    And all the updates should have been contained in CU17.
    I suppose that the problem may be with the Nessus tool and it is recommended to contact the Nessus support for help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
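
One way to test the reasoning in the second answer before closing the finding as a false positive: read the build that is actually installed on the server and compare it with the fixed build the scanner reports. This is an added example, not part of the thread or of any vendor's tooling. `$FixedVersion` is a value the operator supplies from the scanner's plugin output or the vendor advisory, and the script assumes it runs locally on the Exchange server, where the `ExchangeInstallPath` environment variable is set.

```powershell
# Added example (not from the thread). Run locally on the Exchange server.
param(
    # Fixed build, supplied by the operator from the scanner output or vendor
    # advisory. No build number is hard-coded here on purpose.
    [Parameter(Mandatory = $true)]
    [version] $FixedVersion
)

# The file version of ExSetup.exe reflects the installed Exchange build.
$exSetup = Join-Path $env:ExchangeInstallPath 'bin\ExSetup.exe'
if (-not (Test-Path $exSetup)) {
    throw "ExSetup.exe not found at '$exSetup'. Run this on the Exchange server itself."
}

# Build the version from the numeric parts so leading zeros in the
# display string (for example '15.01.xxxx.xxx') cannot affect the comparison.
$info = (Get-Item $exSetup).VersionInfo
$installed = New-Object System.Version(
    $info.FileMajorPart, $info.FileMinorPart,
    $info.FileBuildPart, $info.FilePrivatePart)

if ($installed -ge $FixedVersion) {
    $assessment = 'Installed build is at or above the fixed build: likely false positive, raise with the scanner vendor'
} else {
    $assessment = 'Installed build is below the fixed build: plan and test the update'
}

# Emit an object so the result can be exported as evidence for the ticket.
New-Object psobject -Property @{
    Server           = $env:COMPUTERNAME
    InstalledVersion = $installed
    FixedVersion     = $FixedVersion
    Assessment       = $assessment
}
```

If the scanner ran without credentials, it may have inferred the version remotely rather than reading it from the file system, so keep this output alongside the plugin output when reporting the discrepancy.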