KLA12000
Multiple vulnerabilities in Microsoft Exchange Server

Updated: 11/16/2020
Detect date
?
11/10/2020
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Echange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerabilty Microsoft Exchange Server can be exploited remotely to execute arbitrary code.
  2. A denial of service vulnerabilty Microsoft Exchange Server can be exploited to cause denial of service.
Affected products

Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 17
Microsoft Exchange Server 2019 Cumulative Update 6
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 18

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-17083
CVE-2020-17084
CVE-2020-17085

Impacts
?
ACE 
[?]

DoS 
[?]
Related products
Microsoft Exchange Server
CVE-IDS
?
CVE-2020-170833.5Warning
CVE-2020-170849.0Critical
CVE-2020-170854.0Warning
KB list

4588741

Find out the statistics of the vulnerabilities spreading in your region