KLA11820 Multiple vulnerabilities in Microsoft Apps

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to obtain sensitive information.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely via specially crafted application to obtain sensitive information.
2. An information disclosure vulnerability in Microsoft Exchange can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2019-1108

CVE-2019-1084

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Lync

Microsoft-Office

Microsoft-Outlook

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Exchange-Server

Microsoft-Windows-10

CVE list

CVE-2019-1108 warning

CVE-2019-1084 warning

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Affected Products

• Outlook for iOSWindows 7 for 32-bit Systems Service Pack 1Windows 10 Version 1703 for x64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Office 365 ProPlus for 64-bit SystemsWindows Server, version 1803 (Server Core Installation)Microsoft Office 2019 for 64-bit editionsMicrosoft Outlook 2016 (32-bit edition)Microsoft Outlook 2010 Service Pack 2 (64-bit editions)Microsoft Lync Basic 2013 Service Pack 1 (32-bit)Microsoft Exchange Server 2016 Cumulative Update 12Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft Exchange Server 2010 Service Pack 3Skype for Business 2016 Basic (64-bit)Mail and CalendarMicrosoft Office 2019 for 32-bit editionsMicrosoft Office 2013 Service Pack 1 (64-bit editions)Microsoft Lync Basic 2013 Service Pack 1 (64-bit)Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2012 R2 (Server Core installation)Skype for Business 2016 (32-bit)Windows 8.1 for 32-bit systemsMicrosoft Exchange Server 2016 Cumulative Update 13Windows Server 2012Microsoft Office 2013 RT Service Pack 1Windows RT 8.1Microsoft Remote Desktop for AndroidMicrosoft Lync 2013 Service Pack 1 (32-bit)Windows 10 Version 1903 for 32-bit SystemsMicrosoft Outlook 2010 Service Pack 2 (32-bit editions)Windows 10 Version 1607 for x64-based SystemsSkype for Business 2016 (64-bit)Microsoft Exchange Server 2019 Cumulative Update 1Windows 10 Version 1803 for 32-bit SystemsMicrosoft Outlook 2013 Service Pack 1 (32-bit editions)Windows 10 Version 1709 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1803 for x64-based SystemsWindows Server 2016Windows Server 2012 (Server Core installation)Microsoft Office 2016 (64-bit edition)Office 365 ProPlus for 32-bit SystemsMicrosoft Outlook 2016 (64-bit edition)Microsoft Lync 2013 Service Pack 1 (64-bit)Windows 10 Version 1809 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsMicrosoft Outlook for AndroidWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2016 (Server Core installation)Windows Server 2012 R2Microsoft Office 2016 (32-bit edition)Microsoft Outlook 2013 Service Pack 1 (64-bit editions)Skype for Business 2016 Basic (32-bit)Microsoft Exchange Server 2013 Cumulative Update 23Windows 10 Version 1803 for ARM64-based SystemsMicrosoft Office 2019 for MacMicrosoft Remote Desktop for IoSWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows 10 for x64-based SystemsWindows Server 2008 for x64-based Systems Service Pack 2Windows Server 2019Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1809 for 32-bit SystemsWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Microsoft Office 2016 for MacMicrosoft Office 2013 Service Pack 1 (32-bit editions)Windows Server 2008 for Itanium-Based Systems Service Pack 2Microsoft Exchange Server 2019 Cumulative Update 2Windows 8.1 for x64-based systems