Microsoft Exchange Server Tampering Vulnerability

2018-12-11T08:00:00
ID MS:CVE-2018-8604
Type mscve
Reporter Microsoft
Modified 2018-12-11T08:00:00

Description

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.

To exploit the vulnerability, an attacker would need to be authenticated on an affected Exchange Server. The attacker would then need to send a specially modified request to the server, targeting a specific user.

The security update addresses the vulnerability by modifying how Microsoft Exchange Server handles profile data.