You may notice some articles displaying content inconsistently. Pardon our dust as we update our site.
cross icon
Workaround for Microsoft Security Advisory ADV190007 Impacts the Hybrid Calendar Service
list-menuFeedback?
Microsoft Security Advisory ADV190007 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190007) indicates a workaround to address "PrivExchange" Elevation of Privilege Vulnerability. The suggested Microsoft workaround (setting a Throttling Policy for EWSMaxSubscriptions with a value of zero) would have an adverse effect on the Cisco Webex Hybrid Calendar Service.

Workaround for Microsoft Security Advisory ADV190007 impacts the Hybrid Calendar Service

Problems with Hybrid Calendar Service Due to Microsoft Security Advisory ADV1900007

 

Microsoft Security Advisory ADV190007 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190007) indicates a workaround to address "PrivExchange" Elevation of Privilege Vulnerability. The suggested Microsoft workaround (setting a Throttling Policy for EWSMaxSubscriptions with a value of zero) would have an adverse effect on the Cisco Webex Hybrid Calendar Service.

The effects may include the following:

  • Users may not see meeting updates, and so @webex/@meet could not get processed
  • One Button to Push (OBTP) and meeting list entries may not appear

To address the vulnerability without impacting the Hybrid Calendar Service, apply the appropriate Security Update for your version of Microsoft Exchange Server as listed in https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190007.

The Hybrid Calendar Service uses streaming notifications rather than push notifications where the vulnerability lies. However, the workaround has a broader impact than just push notifications.

Was this article helpful?
Was this article helpful?