KLA11664Multiple vulnerabilities in Microsoft Exchange Server

2020-02-11T00:00:00
ID KLA11664
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-05-22T00:00:00

Description

Detect date:

02/11/2020

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code.

Affected products:

Microsoft Exchange Server 2016 Cumulative Update 14
Microsoft Exchange Server 2016 Cumulative Update 15
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30
Microsoft Exchange Server 2019 Cumulative Update 4
Microsoft Exchange Server 2019 Cumulative Update 3

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-0692
CVE-2020-0688

Impacts:

ACE

Related products:

Microsoft Exchange Server

CVE-IDS:

CVE-2020-06920.0Unknown
CVE-2020-06880.0Unknown

KB list:

4536988
4536989
4536987

Microsoft official advisories: