Security Updates for Exchange (September 2017)

Medium Nessus Plugin ID 103139


The Microsoft Exchange Server installed on the remote host is affected by multiple vulnerabilities.


The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. To exploit the vulnerability, an attacker could send a specially crafted email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests. Note: In order to exploit this vulnerability, a user must click a maliciously crafted link from an attacker. (CVE-2017-8758)

- An input sanitization issue exists with Microsoft Exchange that could potentially result in unintended Information Disclosure. An attacker who successfully exploited the vulnerability could identify the existence of RFC1918 addresses on the local network from a client on the Internet. An attacker could use this internal host information as part of a larger attack. To exploit the vulnerability, an attacker could include specially crafted tags in Calendar-related messages sent to an Exchange server. These specially-tagged messages could prompt the Exchange server to fetch information from internal servers. By observing telemetry from these requests, a client could discern properties of internal hosts intended to be hidden from the Internet. The update corrects the way that Exchange parses Calendar- related messages. (CVE-2017-11761)


Microsoft has released the following security updates to address this issue:

See Also

Plugin Details

Severity: Medium

ID: 103139

File Name: smb_nt_ms17_sep_exchange.nasl

Version: $Revision: 1.7 $

Type: local

Agent: windows

Published: 2017/09/12

Modified: 2017/12/18

Dependencies: 57033, 77910

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/09/12

Vulnerability Publication Date: 2017/09/12

Reference Information

CVE: CVE-2017-11761, CVE-2017-8758

BID: 100723, 100731

OSVDB: 165224, 165301

MSKB: 4036108

MSFT: MS17-4036108