KLA11395
Multiple vulnerabilities in Microsoft Exchange Server
Обновлено: 26/06/2019
Дата обнаружения
08/01/2019
Уровень угрозы
High
Описание

Multiple serious vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Microsoft Exchange can be exploited remotely via specially crafted email to execute arbitrary code;
  2. An information disclosure vulnerability in Microsoft Exchange can be exploited remotely via unspecified vector to obtain sensitive information.
Пораженные продукты

Microsoft Exchange Server 2019
Microsoft Exchange Server 2016 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 10
Microsoft Exchange Server 2013 Cumulative Update 21
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 25

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2019-0586
CVE-2019-0588
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]
Связанные продукты
Microsoft Exchange Server
CVE-IDS
CVE-2019-05869.8Critical
CVE-2019-05886.5High
KB list

4471389
4468742

Microsoft official advisories
Microsoft Security Update Guide