KLA11395
Multiple vulnerabilities in Microsoft Exchange Server
Updated: 06/26/2019
Detect date
?
01/08/2019
Severity
?
High
Description

Multiple serious vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Microsoft Exchange can be exploited remotely via specially crafted email to execute arbitrary code;
  2. An information disclosure vulnerability in Microsoft Exchange can be exploited remotely via unspecified vector to obtain sensitive information.
Affected products

Microsoft Exchange Server 2019
Microsoft Exchange Server 2016 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 10
Microsoft Exchange Server 2013 Cumulative Update 21
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 25

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-0586
CVE-2019-0588

Impacts
?
ACE 
[?]

OSI 
[?]
Related products
Microsoft Exchange Server
CVE-IDS
?
CVE-2019-05869.8Critical
CVE-2019-05886.5High
KB list

4471389
4468742

Microsoft official advisories
Microsoft Security Update Guide