KLA10873
Multiple vulnerabilities in Microsoft Exchange Server
Updated: 05/22/2020
Detect date
09/13/2016
Severity
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof the user interface, obtain sensitive information or gain privileges.

Below is a complete list of vulnerabilities:

  1. Improper parsing of email messages can be exploited remotely via a specially designed email to obtain sensitive information;
  2. Improper handling of open redirects can be exploited remotely via a specially designed URL to spoof the user interface;
  3. Improper handling of meeting invitations can be exploited remotely via a specially designed Outlook meeting to gain privileges.
Affected products

Microsoft Exchange Server 2007 Service Pack 3
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2013 Service Pack 1, Cumulative Update 12 or Cumulative Update 13
Microsoft Exchange Server 2016 Cumulative Update 1 or Cumulative Update 2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

ADV160006
CVE-2016-0138
CVE-2016-3379
CVE-2016-3378

Impacts
OSI 

PE 

SUI 
Related products
Microsoft Exchange Server
CVE-IDS
CVE-2016-0138 4.0 Warning
CVE-2016-3379 4.3 Warning
CVE-2016-3378 5.8 High
Microsoft official advisories
Microsoft Security Update Guide
KB list

3184711
3184736
3184728