KLA11420Multiple vulnerabilities in Microsoft Exchange Server

2019-02-12T00:00:00
ID KLA11420
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

02/12/2019

Severity:

High

Description:

Multiple elevation of privilege vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to gain privileges.

Affected products:

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 26
Microsoft Exchange Server 2016 Cumulative Update 12
Microsoft Exchange Server 2013 Cumulative Update 22
Microsoft Exchange Server 2019 Cumulative Update 1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-0724
CVE-2019-0686
ADV190004

Impacts:

PE

Related products:

Microsoft Exchange Server

CVE-IDS:

CVE-2019-07240.0High
CVE-2019-06860.0High

KB list:

4471391
4471392
4487052
4345836

Microsoft official advisories: