KLA11845
Multiple vulnerabilities in Microsoft Exchange Server

Updated: 07/08/2020
Detect date
?
07/11/2017
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges.

Below is a complete list of vulnerabilities:

  1. Security UI vulnerability in Microsoft Exchange can be exploited remotely via specially crafted to spoof user interface.
  2. An elevation of privilege vulnerability in Microsoft Exchange Server can be exploited remotely via specially crafted email to gain privileges.
Affected products

Microsoft Exchange Server 2016 Cumulative Update 5
Microsoft Exchange Server 2013 Cumulative Update 16
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2013 Service Pack 1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2017-8621
CVE-2017-8560
CVE-2017-8559

Impacts
?
PE 
[?]

SUI 
[?]
Related products
Microsoft Exchange Server
CVE-IDS
?
CVE-2017-85594.3Warning
CVE-2017-86215.8High
CVE-2017-85604.3Warning
KB list

4018588

Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region