KLA10658
Multiple vulnerabilities in Microsoft Exchange Server
Updated: 06/01/2019
Detect date
?
09/08/2015
Severity
?
Warning
Description

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof user interface or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Improper web request handling at Outlook Web Access can be exploited remotely via a specially designed web application request to obtain sensitive information;
  2. Improper emails sanitization at Outlook Web Access can be exploited remotely via a specially designed email to spoof user interface.
Affected products

Exchange Server 2013 Cumulative Update 8
Exchange Server 2013 Cumulative Update 9
Exchange Server 2013 Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2015-2544
CVE-2015-2505
CVE-2015-2543

Impacts
?
OSI 
[?]

SUI 
[?]
Related products
Microsoft Exchange Server
CVE-IDS
?
CVE-2015-25444.3Warning
CVE-2015-25055.0Critical
CVE-2015-25434.3Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

3089250
3087126