KLA11302
Multiple vulnerabilities in Microsoft Exchange Server

Updated: 06/03/2020
Detect date: 08/14/2018
Severity: Warning
Description

Multiple serious vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A tampering vulnerability can be exploited via a specially crafted application to bypass security restrictions;
  2. An improper memory handling vulnerability can be exploited remotely via a specially crafted email to execute arbitrary code.
Affected products

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 23
Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft Exchange Server 2013 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 9

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2018-8374
CVE-2018-8302

Impacts
ACE
SB
Related products
Microsoft Exchange Server
CVE-IDS
CVE-2018-8374    4.0    Warning
CVE-2018-8302    10.0    Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

4340733
4340731
