Multiple vulnerabilities in Microsoft Exchange Server

Описание

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof user interface. obtain sensitive information or gain privileges.

Below is a complete list of vulnerabilities

1. An improper email messages parsing can be exploited remotely via a specially designed email to obtain sensitive information;
2. An improper open redirect handling can be exploited remotely via a specially designed URL to spoof user interface;
3. An improper meeting invitation handling can be exploited remotely via a specially designed Outlook meeting to gain privileges.

Первичный источник обнаружения

• ADV160006
  CVE-2016-0138
  CVE-2016-3379
  CVE-2016-3378
  

Связанные продукты

• Microsoft-Exchange-Server

Список CVE

• CVE-2016-0138
  warning
• CVE-2016-3379
  warning
• CVE-2016-3378
  high

Список KB

• 3184711
• 3184736
• 3184728

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com