KLA10611
Multiple vulnerabilities in Microsoft Exchange Server
Обновлено: 17/06/2019
Дата обнаружения
09/12/2014
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to gain privileges or spoof user interface.

Below is a complete list of vulnerabilities

  1. An improper tokens validation can be exploited remotely via an unspecified vectors;
  2. XSS vulnerability can be exploited remotely via a specially designed URL.
Пораженные продукты

Microsoft Exchange Server 2007 Service Pack 3 
Microsoft Exchange Server 2010 Service Pack 3 
Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2013 Cumulative Update 6 

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2014-6325
CVE-2014-6319
CVE-2014-6336
CVE-2014-6326
Оказываемое влияние
?
PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Exchange Server
CVE-IDS
CVE-2014-63254.3Warning
CVE-2014-63195.0Critical
CVE-2014-63363.5Warning
CVE-2014-63264.3Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

3011140
2986475
2996150
3009712