Security Updates for Exchange (September 2017)

medium Nessus Plugin ID 103139

Synopsis

The Microsoft Exchange Server installed on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. To exploit the vulnerability, an attacker could send a specially crafted email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests. Note: In order to exploit this vulnerability, a user must click a maliciously crafted link from an attacker. (CVE-2017-8758)

- An input sanitization issue exists with Microsoft Exchange that could potentially result in unintended Information Disclosure. An attacker who successfully exploited the vulnerability could identify the existence of RFC1918 addresses on the local network from a client on the Internet. An attacker could use this internal host information as part of a larger attack. To exploit the vulnerability, an attacker could include specially crafted tags in Calendar-related messages sent to an Exchange server. These specially-tagged messages could prompt the Exchange server to fetch information from internal servers. By observing telemetry from these requests, a client could discern properties of internal hosts intended to be hidden from the Internet. The update corrects the way that Exchange parses Calendar- related messages. (CVE-2017-11761)

Solution

Microsoft has released the following security updates to address this issue:
-KB4036108

See Also

http://www.nessus.org/u?871d0058

Plugin Details

Severity: Medium

ID: 103139

File Name: smb_nt_ms17_sep_exchange.nasl

Version: 1.13

Type: local

Agent: windows

Published: 9/12/2017

Updated: 4/4/2022

Supported Sensors: Frictionless Assessment Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-11761

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/12/2017

Vulnerability Publication Date: 9/12/2017

Exploitable With

Metasploit (Microsoft Exchange ProxyShell RCE)

Reference Information

CVE: CVE-2017-11761, CVE-2017-8758

BID: 100723, 100731

MSFT: MS17-4036108