Searching
..

Click anywhere to stop

KLA11212
Multiple vulnerabilities in Microsoft Exchange Server

Обновлено: 22/01/2024
Дата обнаружения
13/03/2018
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in way that Microsoft Exchange Server handles URL redirects can be exploited via link in an email by attacker to obtain sensitive information;
  2. An elevation of privilege vulnerability in Microsoft Exchange Outlook Web Access (OWA) can be exploited via specially crafted email message containing a malicious link to gain priveleges;
  3. An elevation of privilege vulnerability in the way that Microsoft Exchange Server handles importing data can be exploited via specially crafted file to obtain sensitive information.
Пораженные продукты

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20
Microsoft Exchange Server 2013 Cumulative Update 18
Microsoft Exchange Server 2013 Cumulative Update 19
Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2016 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 8

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-0924
CVE-2018-0940
CVE-2018-0941
Оказываемое влияние
?
OSI 
[?]

SB 
[?]

SUI 
[?]
Связанные продукты
Microsoft Exchange Server
CVE-IDS
CVE-2018-09244.3Warning
CVE-2018-09404.3Warning
CVE-2018-09414.3Warning