none
Banner Based Vulnerabilities for Microsoft Exchange smtpd RRS feed

  • Question

  • We recently deployed a Exchange 2016 server and ran a PCI scan.  We are getting the following vulnerability reported. We are running the latest Exchange Cumulative update 13.  Please advise ASAP what additional security update and/or changes we need to make as to remove this vulnerability 

    Title
    Banner Based Vulnerabilities for Microsoft Exchange smtpd
    Impact
    One or more vulnerabilities have been found that affect this service. Please see the relevant CVEs for more details.
    Resolution
    Apply the latest vendor patches to the Microsoft Exchange smtpd service running on port 25.
    Data Received

    cpe:/a:microsoft:exchange_server




    • Edited by NeilDT Friday, July 12, 2019 8:07 AM
    Friday, July 12, 2019 8:06 AM

All replies

  • I would ask the PCI vendor what they are referring to specifically and what should be applied. 
    Friday, July 12, 2019 11:45 AM
    Moderator
  • Some of the CVEs returned are

    CVE-2004-0574
    CVE-2004-0840
    CVE-2018-8154
    CVE-1999-0385
    CVE-2007-0213
    CVE-2018-8302

    • Edited by NeilDT Friday, July 12, 2019 11:54 AM
    Friday, July 12, 2019 11:52 AM
  • Dont know what those are, but if they are relevant and applicable then I guess you can install.

    personally, I think most of those PCI scan results are bogus and FUD, but thats just me.

    Those you listed are more than 15 years old, so I think that proves my point  :) 

    Friday, July 12, 2019 11:56 AM
    Moderator
  • I'm running Windows Server 2016 Standard with Exchange 2016.  Where do I need to look to download and install the relevant patches.
    Friday, July 12, 2019 11:59 AM
  • I'm running Windows Server 2016 Standard with Exchange 2016.  Where do I need to look to download and install the relevant patches.

    Windows Update really is what you should be looking at 

    All the ones you listed are really old or from last year. They wouldnt apply in most cases. I would push back on whoever did the PCI scan. 

    Friday, July 12, 2019 12:23 PM
    Moderator
  • I re-run Windows update, and there is no extra updates to install.  Basically, all that I'm wanting to do is disable the Exchange Banner, is that possible.
    Friday, July 12, 2019 12:47 PM
  • I re-run Windows update, and there is no extra updates to install.  Basically, all that I'm wanting to do is disable the Exchange Banner, is that possible.

    Well, thats not the same as a vulnerability.

    You can set the banner to anything you want

    Set-ReceiveConnector <identity> -Banner ""

    Friday, July 12, 2019 1:29 PM
    Moderator
  • Can anyone else offer some advise regarding how to resolve this issue of my PCI scan failing because of the 'Banner Based Vulnerabilities for Microsoft Exchange smtpd'
    Monday, July 15, 2019 8:53 AM
  • I think you already have your answer. Ask the support of whoever supports the PCI scan

    If they are calling the banners itself an issue:

    https://docs.microsoft.com/en-us/exchange/mail-flow/connectors/modify-smtp-banners?view=exchserver-2019

    If they are referring to hiding server names in headers:

    https://practical365.com/exchange-server/remove-internal-exchange-server-names-ip-addresses-message-headers/

    Monday, July 15, 2019 10:20 AM
    Moderator
  • Hi NeilDT,

    I'm just writing to check how's everything going? If you have any questions or needed further help on this issue, please feel free to post back. If the issue has been resolved, please mark the helpful replies as answers, this will make answer searching in the forum easier and be beneficial to other community members as well.

    Thanks for your understanding.


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com

    Tuesday, July 23, 2019 9:57 AM
    Moderator