Kaspersky Threats

KLA10736
Spoofing vulnerability in Microsoft Exchange Server

Updated: 06/01/2019

Detect date ?	01/12/2016
Severity ?	Warning
Description	Improper web requests handling was found in Microsoft Exchange Server at Outlook Web Access. By exploiting this vulnerability malicious users can spoof user interface. This vulnerability can be exploited remotely via a specially designed email with malicious link.
Affected products	Microsoft Exchange Server 2013 Service Pack 1 Microsoft Exchange Server 2013 Cumulative Update 10 Microsoft Exchange Server 2013 Cumulative Update 11 Microsoft Exchange Server 2016
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2016-0032 CVE-2016-0031 CVE-2016-0030 CVE-2016-0029
Impacts ?	SUI [?]
Related products	Microsoft Exchange Server
CVE-IDS ?	CVE-2016-00324.3Warning CVE-2016-00314.3Warning CVE-2016-00304.3Warning CVE-2016-00294.3Warning
Microsoft official advisories	Microsoft Security Update Guide
KB list	3124557