KLA11242
Multiple vulnerabilities in Microsoft Exchange Server
Updated: 16/10/2018
CVSS
10.0
Detection date
08/05/2018
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. Improper handling of objects in memory in Microsoft Exchange can be exploited remotely via a specially crafted e-mail to obtain sensitive information;
  2. Multiple vulnerabilities in Microsoft Exchange Outlook Web Access (OWA) can be exploited remotely via a specially crafted website to gain privileges or spoof the user interface;
  3. A memory corruption vulnerability in Microsoft Exchange software can be exploited remotely via a specially crafted e-mail to execute arbitrary code.
Affected products

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21
Microsoft Exchange Server 2013 Cumulative Update 19
Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2016 Cumulative Update 8
Microsoft Exchange Server 2016 Cumulative Update 9

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories
CVE-2018-8152
CVE-2018-8153
CVE-2018-8151
CVE-2018-8154
CVE-2018-8159
Impacts
ACE
OSI
PE
SUI
Related products
Microsoft Exchange Server
CVE-IDS

CVE-2018-8152
CVE-2018-8153
CVE-2018-8151
CVE-2018-8154
CVE-2018-8159

Microsoft official advisories
Microsoft Security Update Guide
KB list

4091243
4092041
4458321