KLA11242
Multiple vulnerabilities in Microsoft Exchange Server

Обновлено: 03/06/2020

Дата обнаружения	08/05/2018
Уровень угрозы	Critical
Описание	Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and spoof user interface. Below is a complete list of vulnerabilities: An improper handling of objects in memory in Microsoft Exchange can be exploited remotely via a specially designed e-mail to obtain sensitive information; Multiple vulnerabilities in Microsoft Exchange Outlook Web Access (OWA) can be exploited remotely via a specially designed website to gain privileges or spoof user interface; Memory corruption vulnerability in Microsoft Exchange software can be exploited remotely via a specially designed e-mail to execute arbitrary code;
Пораженные продукты	Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21 Microsoft Exchange Server 2013 Cumulative Update 19 Microsoft Exchange Server 2013 Cumulative Update 20 Microsoft Exchange Server 2013 Service Pack 1 Microsoft Exchange Server 2016 Cumulative Update 8 Microsoft Exchange Server 2016 Cumulative Update 9
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2018-8152 CVE-2018-8153 CVE-2018-8151 CVE-2018-8154 CVE-2018-8159
Оказываемое влияние ?	ACE [?] OSI [?] PE [?] SUI [?]
Связанные продукты	Microsoft Exchange Server
CVE-IDS	CVE-2018-81525.8High CVE-2018-81535.8High CVE-2018-81514.3Warning CVE-2018-81595.8High

KLA11242Multiple vulnerabilities in Microsoft Exchange Server

KLA11242
Multiple vulnerabilities in Microsoft Exchange Server