MS17-015: Security Update for Microsoft Exchange Server (4013242)

High Nessus Plugin ID 97744


The remote Microsoft Exchange Server is affected by multiple vulnerabilities.


The remote Microsoft Exchange Server is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability in Outlook Web Access (OWA) due to improper handling of web requests. An unauthenticated, remote attacker can exploit this issue, via a specially crafted email containing a malicious link or attachment, to execute arbitrary script code, inject content, or disclose sensitive information.


Microsoft has released a set of patches for Exchange Server 2013 and 2016.

See Also

Plugin Details

Severity: High

ID: 97744

File Name: smb_nt_ms17-015.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Published: 2017/03/15

Modified: 2017/07/13

Dependencies: 77910, 57033

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/03/14

Vulnerability Publication Date: 2017/03/14

Reference Information

CVE: CVE-2017-0110

BID: 96621

OSVDB: 153723

MSFT: MS17-015

MSKB: 4012178