KLA10826
Information disclosure vulnerability in Microsoft Exchange Server
Обновлено: 17/06/2019
Дата обнаружения
14/06/2016
Уровень угрозы
Warning
Описание

An improper HTML messages parsing was found in Microsoft Exchange Server. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed email message.

Also this advisory related to update Oracle components with critical vulnerabilities.


Technical details

This vulnerability allows attacker to track a user online if the user views email messages using Outlook Web Access.

Пораженные продукты

Microsoft Exchange Server 2007 Service Pack 3
Microsoft Exchange Server 2010 Service Pack 2
Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2013 Cumulative Updates 11 & 12
Microsoft Exchange Server 2016
Microsoft Exchange Server 2016 Cumulative Update 1

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2016-0028
Оказываемое влияние
?
OSI 
[?]
Связанные продукты
Microsoft Exchange Server
CVE-IDS
CVE-2016-00284.3Warning
Microsoft official advisories
Microsoft Security Update Guide
KB list

3151086
3150501
3151097