Vulnerability Protection

Vulnerability in Microsoft Exchange Server Could Allow Escalation of Privilege

Details

Report ID: MS20170310

Date Published: 15 March 2017

Date Revised:

Criticality: Important

Compromise Type: Escalation of privilege

Compromise From: Remote

Affected Product/Component:
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016

Summary

A vulnerability in Microsoft Exchange Outlook Web Access (OWA) could, if successfully exploited, allow an attacker to gain escalated privileges on an affected system.

Detailed Description

Microsoft has released a security update to address an escalation of privilege vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability was caused by improper handling of web requests, and could be exploited to carry out further attacks such as script/content injection or tricking a user into disclosing sensitive information. The issue has been fixed in the latest security update by correcting the way that Microsoft Exchange validates web requests.

CVE Reference

CVE-2017-0110

Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/library/security/MS17-015

Source

Microsoft Security Bulletin MS17-015