KLA10873 Multiple vulnerabilities in Microsoft Exchange Server

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof user interface. obtain sensitive information or gain privileges.

Below is a complete list of vulnerabilities

1. An improper email messages parsing can be exploited remotely via a specially designed email to obtain sensitive information;
2. An improper open redirect handling can be exploited remotely via a specially designed URL to spoof user interface;
3. An improper meeting invitation handling can be exploited remotely via a specially designed Outlook meeting to gain privileges.

Original advisories

ADV160006

CVE-2016-0138

CVE-2016-3379

CVE-2016-3378

Related products

Microsoft-Exchange-Server

CVE list

CVE-2016-0138 warning

CVE-2016-3379 warning

CVE-2016-3378 high

KB list

3184711

3184736

3184728

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Microsoft Exchange Server 2007 Service Pack 3Microsoft Exchange Server 2010 Service Pack 3Microsoft Exchange Server 2013 Service Pack 1, Cumulative Update 12 or Cumulative Update 13Microsoft Exchange Server 2016 Cumulative Update 1 or cumulative update 2