KLA10658
Multiple vulnerabilities in Microsoft Exchange Server
Обновлено: 17/06/2019
Дата обнаружения
08/09/2015
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof user interface or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Improper web request handling at Outlook Web Access can be exploited remotely via a specially designed web application request to obtain sensitive information;
  2. Improper emails sanitization at Outlook Web Access can be exploited remotely via a specially designed email to spoof user interface.
Пораженные продукты

Exchange Server 2013 Cumulative Update 8
Exchange Server 2013 Cumulative Update 9
Exchange Server 2013 Service Pack 1

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2015-2544
CVE-2015-2505
CVE-2015-2543
Оказываемое влияние
?
OSI 
[?]

SUI 
[?]
Связанные продукты
Microsoft Exchange Server
CVE-IDS
CVE-2015-25444.3Warning
CVE-2015-25055.0Critical
CVE-2015-25434.3Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

3089250
3087126