Microsoft Exchange Server KB5000871

Hi,

I’ve tested 2 exchange servers (one patched and one unpatched), but neither one showed anything in the scan report related to the latest MS exchange vulnerability from March 2nd 2021 (KB5000871), see https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b
Does greenbone/openvas not yet detect this? The CVE’s are already there in the feed (that I was able to verofy), but in the report for a server there was nothing in the CVE section nor in the “closed cve” section.
Any hints on this?

With friendly regards,
Franky

Hi,

The recent Exchange vulnerabilities are covered already by authenticated, unauthenticated and active remote checks. However these VTS are only available in the GSF and not in the community feed.

2 Likes

Is there an option to get access to the GSF without buying an appliance?

Use Greenbone as a service on a monthly subscription based service. GMSP uses the same GSF like the virtual/physical appliances.

https://www.greenbone.net/en/gmsp/

2 Likes

Lukas,
Thanks. I took a look at this, but it seems the service is for GVM running in the cloud? I don’t see an option to just pay for access to the more updated feed. Which is what I would like to be able to do.

Is this NVT ever going to be released in the Community Feed?

As Microsoft Exchange is more an enterprise product (yes, some SOHO might running it as well but overall it is an Enterprise product) there are AFAIK no plans to make the related VTs available in the community feed.

2 Likes

That’s disappointing. I can understand and respect the business model behind having the most recent NVTs in a paid only feed, but expected anything that went into that feed would eventually be moved into the community feed. I also find it rather irresponsible in a community sense that a vulnerability such as this would NOT be released into the community. For the same reason you state. There are probably not that many MS Exchange servers in the SOHO environment. But those environments are the ones that would most need to have this NVT to let them know they have a serious vulnerability as they are less likely to have someone paying close attention to cyber security news. Especially with the level of activity this vulnerability is seeing from the cybercrime arena. You’re also making what I think is an incorrect assumption that the community edition is only being used in SOHO environments. I would rather expect the responsible thing to do would be to release NVTs for the more serious vulnerability to the community faster than normal. In the end, that sort of activity would benefit the community as whole and as a bonus would be an excellent PR move for Greenbone.

Can’t say much on the other parts because it is not my decision which VTs are reaching which feed. :slightly_frowning_face:

I just wanted to clarify this:

I never have written that the community edition is only being used in SOHO environments. I only pointed out that VTs which are targeting vulnerabilities for Enterprise products (Microsoft Exchange is definitely one of such products. But there is a slight chance that it is running on SOHO environments as well, this was what i have written but could have been misunderstood) will only put into the commercial GSF feed.

AFAIK this is clearly defined in various online resources provided by Greenbone. If you like i could post them on request.

2 Likes

Understood. I guess it was an incorrect leap on my part regarding the use of GVM only in SOHO.

If you could please post those links, I would appreciate it.

Thank you.

Our virtual machine GSM Trial (formally known as Greenbone Community Edition) is only a testing version for private personal usage. It is NOT intended to be used in companies or enterprise environments.

The Greenbone Community Feed has no guarantees about inclusion of any VT and timelines. If you are in a professional environment and have such a requirement you should really think about using one of our products.

Despite personally I would love to see this specific VT in the community edition we have clearly stated that enterprise software is only covered in our paid product. This is common problem having a business with free software. If you are using our completely free version there is a downside.

5 Likes

While I accept this reasoning, buying the product is very difficult from your site. Apparently one needs to go via a partner to get a price quote. If buying the product directly from Greenbone is possible, please do provide me with the details on how to do that.

I am sure that if you contact greenbone sales, you will get a quote. AFAIK just write to sales@greenbone.net.

5 Likes

While I accept this reasoning, buying the product is very difficult from your site. Apparently one needs to go via a partner to get a price quote. If buying the product directly from Greenbone is possible, please do provide me with the details on how to do that.

Please send your inquiry to sales@greenbone.net - our sales team will be happy to help you with any questions regarding our product lines and pricing.

Kind regards,
Lena

3 Likes

Sure, here we go (i might have missed a few):

However, the GCF receives no new NVTs for features for enterprise environments since September 4th 2017. This distinction is regarded an adequate balance between community needs and commercial needs.

from About Greenbone Community Feed (GCF)

GCF: Constantly/daily, but without enterprise features (page 4)
GCF: VTs for Enterprise Products -> No (page 4)

from https://www.greenbone.net/wp-content/uploads/Solution_Comparison_EN.pdf which is linked at About the Feed Services (GCF & GSF) category.

The same two items are also available on the following feed comparison (GSF vs. GCF) page:

https://www.greenbone.net/en/security-feed/

3 Likes

Hi @immauss - thank you for your interest in our products and services! If you only want to test the security feed to check if it finds the MS Exchange vulnerability on your devices, then you can request a test key here and test the feed 14 days for free! Free Trial - Greenbone Networks
In case you are interested in a professional or long-term solution, please contact sales@greenbone.net - they will be happy to help you.

2 Likes