KLA10873
Multiple vulnerabilities in Microsoft Exchange Server

Обновлено: 03/06/2020

Дата обнаружения	13/09/2016
Уровень угрозы	Critical
Описание	Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof user interface. obtain sensitive information or gain privileges. Below is a complete list of vulnerabilities An improper email messages parsing can be exploited remotely via a specially designed email to obtain sensitive information; An improper open redirect handling can be exploited remotely via a specially designed URL to spoof user interface; An improper meeting invitation handling can be exploited remotely via a specially designed Outlook meeting to gain privileges.
Пораженные продукты	Microsoft Exchange Server 2007 Service Pack 3 Microsoft Exchange Server 2010 Service Pack 3 Microsoft Exchange Server 2013 Service Pack 1, Cumulative Update 12 or Cumulative Update 13 Microsoft Exchange Server 2016 Cumulative Update 1 or cumulative update 2
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	ADV160006 CVE-2016-0138 CVE-2016-3379 CVE-2016-3378
Оказываемое влияние ?	OSI [?] PE [?] SUI [?]
Связанные продукты	Microsoft Exchange Server
CVE-IDS	CVE-2016-01384.0Warning CVE-2016-33794.3Warning CVE-2016-33785.8High

KLA10873Multiple vulnerabilities in Microsoft Exchange Server