Security Updates for Exchange (October 2018)
High Nessus Plugin ID 118008
SynopsisThe Microsoft Exchange Server installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :
- An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
- A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the system user. An attacker could then install programs; view, change, add, or delete data.
SolutionMicrosoft has released the following security update to address this issue: