KLA11845 Multiple vulnerabilities in Microsoft Exchange Server

Multiple vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges.

Below is a complete list of vulnerabilities:

1. Security UI vulnerability in Microsoft Exchange can be exploited remotely via specially crafted to spoof user interface.
2. An elevation of privilege vulnerability in Microsoft Exchange Server can be exploited remotely via specially crafted email to gain privileges.

Original advisories

CVE-2017-8621

CVE-2017-8560

CVE-2017-8559

Related products

Microsoft-Exchange-Server

CVE list

CVE-2017-8559 warning

CVE-2017-8621 high

CVE-2017-8560 warning

KB list

4018588

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• XSS/CSS

Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Microsoft Exchange Server 2016 Cumulative Update 5Microsoft Exchange Server 2013 Cumulative Update 16Microsoft Exchange Server 2010 Service Pack 3Microsoft Exchange Server 2013 Service Pack 1