KLA11242
Multiple vulnerabilities in Microsoft Exchange Server
Updated: 09/12/2018
CVSS
10.0
Detect date
05/08/2018
Severity
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. Improper handling of objects in memory in Microsoft Exchange can be exploited remotely via a specially crafted e-mail to obtain sensitive information;
  2. Multiple vulnerabilities in Microsoft Exchange Outlook Web Access (OWA) can be exploited remotely via a specially crafted website to gain privileges or spoof the user interface;
  3. A memory corruption vulnerability in Microsoft Exchange software can be exploited remotely via a specially crafted e-mail to execute arbitrary code.

Affected products

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21
Microsoft Exchange Server 2013 Cumulative Update 19
Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2016 Cumulative Update 8
Microsoft Exchange Server 2016 Cumulative Update 9

Solution

Install the necessary updates from the KB list section that are offered in Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2018-8152
CVE-2018-8153
CVE-2018-8151
CVE-2018-8154
CVE-2018-8159

Impacts
ACE
OSI
PE
SUI

Related products
Microsoft Exchange Server
Microsoft official advisories
Microsoft Security Update Guide
KB list

4091243
4092041
4458321