KLA11302
Multiple vulnerabilities in Microsoft Exchange Server
Обновлено: 26/06/2019
Дата обнаружения
14/08/2018
Уровень угрозы
Warning
Описание

Multiple serious vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An tampering vulnerability can be exploited via specially crafted application to bypass security restrictions;
  2. An improper memory handling vulnerability can be exploited remotely via specially crafted email to execute arbitrary code;
Пораженные продукты

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 23
Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft Exchange Server 2013 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 9

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-8374
CVE-2018-8302
Оказываемое влияние
?
ACE 
[?]

SB 
[?]
Связанные продукты
Microsoft Exchange Server
CVE-IDS
CVE-2018-83744.3Warning
CVE-2018-83029.8Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

4340733
4340731