Security Updates for Exchange (September 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The Microsoft Exchange Server installed on the remote host is affected by multiple vulnerabilities.

Description :

The Microsoft Exchange Server installed on the remote host
is missing security updates. It is, therefore, affected by
multiple vulnerabilities :

- An elevation of privilege vulnerability exists when
Microsoft Exchange Outlook Web Access (OWA) fails to
properly handle web requests. An attacker who
successfully exploited this vulnerability could perform
script/content injection attacks and attempt to trick
the user into disclosing sensitive information. To
exploit the vulnerability, an attacker could send a
specially crafted email message containing a malicious
link to a user. Alternatively, an attacker could use a
chat client to social engineer a user into clicking the
malicious link. The security update addresses the
vulnerability by correcting how Microsoft Exchange
validates web requests. Note: In order to exploit this
vulnerability, a user must click a maliciously crafted
link from an attacker. (CVE-2017-8758)

- An input sanitization issue exists with Microsoft
Exchange that could potentially result in unintended
Information Disclosure. An attacker who successfully
exploited the vulnerability could identify the existence
of RFC1918 addresses on the local network from a client
on the Internet. An attacker could use this internal
host information as part of a larger attack. To exploit
the vulnerability, an attacker could include specially
crafted tags in Calendar-related messages sent to an
Exchange server. These specially-tagged messages could
prompt the Exchange server to fetch information from
internal servers. By observing telemetry from these
requests, a client could discern properties of internal
hosts intended to be hidden from the Internet. The
update corrects the way that Exchange parses Calendar-
related messages. (CVE-2017-11761)

See also :

Solution :

Microsoft has released the following security updates to address this issue:

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 103139 ()

Bugtraq ID: 100723

CVE ID: CVE-2017-11761

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now