MS16-079: Security Update for Microsoft Exchange Server (3160339)

Critical Nessus Plugin ID 91612

Synopsis

The remote Microsoft Exchange Server is affected by multiple vulnerabilities.

Description

The remote Microsoft Exchange Server is missing a security update. It is, therefore, affected by multiple vulnerabilities:

- Multiple stack buffer overflow conditions exist in the Oracle Outside In subcomponent due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-6013, CVE-2015-6014, CVE-2015-6015)

- An email filter bypass flaw exists in the parsing of HTML messages. An unauthenticated, remote attacker can exploit this, via specially crafted URLs in OWA messages, to identify, fingerprint, and track a user online if the user views email using Outlook Web Access. (CVE-2016-0028)

Solution

Microsoft has released a set of patches for Exchange Server 2007, 2010, 2013, and 2016.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-079

Plugin Details

Severity: Critical

ID: 91612

File Name: smb_nt_ms16-079.nasl

Version: 1.11

Type: local

Agent: windows

Published: 2016/06/15

Updated: 2018/11/15

Dependencies: 77910, 57033

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/06/14

Vulnerability Publication Date: 2016/01/19

Reference Information

CVE: CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, CVE-2016-0028

BID: 81227, 81233, 81243, 91115

MSFT: MS16-079

MSKB: 3151086, 3151097, 3150501

CERT: 916896