Multiple vulnerabilities in Microsoft Exchange Server

Описание

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in way that Microsoft Exchange Server handles URL redirects can be exploited via link in an email by attacker to obtain sensitive information;
2. An elevation of privilege vulnerability in Microsoft Exchange Outlook Web Access (OWA) can be exploited via specially crafted email message containing a malicious link to gain priveleges;
3. An elevation of privilege vulnerability in the way that Microsoft Exchange Server handles importing data can be exploited via specially crafted file to obtain sensitive information.

Первичный источник обнаружения

• CVE-2018-0924
  CVE-2018-0940
  CVE-2018-0941
  

Связанные продукты

• Microsoft-Exchange-Server

Список CVE

• CVE-2018-0924
  warning
• CVE-2018-0940
  warning
• CVE-2018-0941
  warning

Список KB

• 4073537
• 4073392

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com