KLA10873
Multiple vulnerabilities in Microsoft Exchange Server
Updated: 17/06/2019
Detection date
13/09/2016
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof the user interface, obtain sensitive information or gain privileges.

Below is a complete list of vulnerabilities:

  1. Improper parsing of email messages can be exploited remotely via a specially crafted email to obtain sensitive information;
  2. Improper handling of open redirects can be exploited remotely via a specially crafted URL to spoof the user interface;
  3. Improper handling of meeting invitations can be exploited remotely via a specially crafted Outlook meeting invitation to gain privileges.
Affected products

Microsoft Exchange Server 2007 Service Pack 3
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2013 Service Pack 1, Cumulative Update 12 or Cumulative Update 13
Microsoft Exchange Server 2016 Cumulative Update 1 or Cumulative Update 2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories
ADV160006
CVE-2016-0138
CVE-2016-3379
CVE-2016-3378
Impact
OSI
PE
SUI
Related products
Microsoft Exchange Server
CVE-IDS
CVE-2016-0138  4.0  Warning
CVE-2016-3379  4.3  Warning
CVE-2016-3378  5.8  High
Microsoft official advisories
Microsoft Security Update Guide
KB list

3184711
3184736
3184728