KLA11395 Multiple vulnerabilities in Microsoft Exchange Server

Multiple serious vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A memory corruption vulnerability in Microsoft Exchange can be exploited remotely via specially crafted email to execute arbitrary code;
2. An information disclosure vulnerability in Microsoft Exchange can be exploited remotely via unspecified vector to obtain sensitive information.

Original advisories

CVE-2019-0586

CVE-2019-0588

Related products

Microsoft-Exchange-Server

CVE list

CVE-2019-0586 critical

CVE-2019-0588 warning

KB list

4471389

4468742

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Affected Products

• Microsoft Exchange Server 2019Microsoft Exchange Server 2016 Cumulative Update 11Microsoft Exchange Server 2016 Cumulative Update 10Microsoft Exchange Server 2013 Cumulative Update 21Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 25