Lucene search

K
kasperskyKaspersky LabKLA11335
HistoryOct 09, 2018 - 12:00 a.m.

KLA11335 Multiple vulnerabilities in Microsoft Exchange Server

2018-10-0900:00:00
Kaspersky Lab
threats.kaspersky.com
542

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.082 Low

EPSS

Percentile

94.2%

Detect date:

10/09/2018

Severity:

High

Description:

Multiple serious vulnerabilities were found in Microsoft Exchange. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Affected products:

Microsoft Exchange Server 2013,Microsoft Exchange Server 2010 Service Pack 3,Microsoft Exchange Server 2016

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-8265
CVE-2018-8448
CVE-2010-3190

Impacts:

ACE

Related products:

Microsoft Exchange Server

CVE-IDS:

CVE-2010-31909.3Critical
CVE-2018-82659.3Critical
CVE-2018-84485.8High

KB list:

2565063
4459266

Microsoft official advisories:

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.082 Low

EPSS

Percentile

94.2%