Security Updates for Exchange (December 2017)
Medium Nessus Plugin ID 105187
SynopsisThe Microsoft Exchange Server installed on the remote host is missing a security update.
DescriptionThe Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :
- A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
SolutionMicrosoft has released KB4045655 to address this issue.