KLA10826
Information disclosure vulnerability in Microsoft Exchange Server
Updated: 06/01/2019
Detect date
06/14/2016
Severity
Warning
Description

Improper parsing of HTML messages was found in Microsoft Exchange Server. By exploiting this vulnerability, malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed email message.

This advisory also relates to an update of Oracle components with critical vulnerabilities.


Technical details

This vulnerability allows an attacker to track a user online if the user views email messages using Outlook Web Access.

Affected products

Microsoft Exchange Server 2007 Service Pack 3
Microsoft Exchange Server 2010 Service Pack 2
Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2013 Cumulative Updates 11 & 12
Microsoft Exchange Server 2016
Microsoft Exchange Server 2016 Cumulative Update 1

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2016-0028

Impacts
OSI 
Related products
Microsoft Exchange Server
CVE-IDS
CVE-2016-0028 4.3 Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

3151086
3150501
3151097