Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery SSRF vulnerability, while th...

A week in security (June 27 – July 3)

Last week on Malwarebytes Labs: Ransomware review: June 2022 AstraLocker 2.0 ransomware isn’t going to give you your files back YTStealer targets YouTube content creators ZuoRAT is a sophisticated malware that mainly targets SOHO routers Amazon Photos vulnerability could have given attackers acce...

You only have nine months to ditch Exchange Server 2013

Microsoft has posted a reminder that Exchange Server 2013 reaches End of Support EoS on April 11, 2023. Thats a little more than 9 months from now. A useful and timely reminder, since we all realize that it takes some time to migrate to a different system. Every Windows product has a lifecycle. T...

Microsoft Exchange Server 代码注入漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A code injection vulnerability exists in Microsoft Exchange Server. The followin...

Microsoft Exchange Server 安全漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening. A security vulnerability exists in Microsoft Exchange Server. The following products and versions a...

KLA12342 Multiple vulnerabilities in Microsoft Server Software

Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange...

Microsoft Exchange Server 权限许可和访问控制问题漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voice mail, email filtering and screening. A vulnerability exists in Microsoft Exchange Server with privilege permission and access control...

Microsoft Exchange Server 代码注入漏洞

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A code injection vulnerability exists in Microsoft Exchange Server. The followin...

Security issue that is described in Security Bulletin MS13-061 is resolved by an Exchange Server update

Security issue that is described in Security Bulletin MS13-061 is resolved by an Exchange Server update Symptoms A security issue occurs in a Microsoft Exchange Server environment. For more information about this security issue, see Microsoft Security Bulletin MS13-061. Known issues in update...

Cumulative Update 22 for Exchange Server 2013

Cumulative Update 22 for Exchange Server 2013 Cumulative Update 22 for Microsoft Exchange Server 2013 was released on February 12, 2019. This cumulative update is a security update. This cumulative update includes fixes for nonsecurity issues and all previously released fixes for security and...

KLA11420 Multiple vulnerabilities in Microsoft Exchange Server

Multiple elevation of privilege vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to gain privileges. Original advisories CVE-2019-0724 CVE-2019-0686 ADV190004 Related products Microsoft-Exchange-Server CVE list CVE-2019-0724 critical...

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server is a set of e-mail service programs from Microsoft, which provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server 2016 Cumulative Update version 10 and 2013...

KLA11335 Multiple vulnerabilities in Microsoft Exchange Server

Multiple serious vulnerabilities were found in Microsoft Exchange. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Exchange can be exploited remotely vi...

Security update 2018-06-19

...

CVE-2018-0924

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Serve...

CVE-2017-11940

CVE-2017-11940 / CVE-2017-11937 describe a remote code execution vulnerability in the Microsoft Malware Protection Engine (MMPE) used by Windows Defender/Endpoint Protection, Forefront, and related products. The issue stems from MMPE not properly scanning specially crafted files, which can lead t...

Remote code execution

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properl...

CVE-2017-11761

Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"...

CVE-2017-8537

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...

CVE-2017-8541

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft...