Security Updates for Exchange (May 2018)

critical Nessus Plugin ID 109684

Synopsis

The Microsoft Exchange Server installed on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could obtain information to further compromise the remote system. (CVE-2018-8151)

- A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server. The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.
(CVE-2018-8154)

- An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
(CVE-2018-8159)

- A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
(CVE-2018-8153)

- An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
(CVE-2018-8152)

Solution

Microsoft has released the following security updates to address this issue:
-KB4091243
-KB4092041

See Also

http://www.nessus.org/u?d6cc4f2b

http://www.nessus.org/u?cc955952

Plugin Details

Severity: Critical

ID: 109684

File Name: smb_nt_ms18_may_exchange.nasl

Version: 1.8

Type: local

Agent: windows

Published: 5/10/2018

Updated: 4/20/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-8154

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 5/8/2018

Vulnerability Publication Date: 5/8/2018

Reference Information

CVE: CVE-2018-8151, CVE-2018-8152, CVE-2018-8153, CVE-2018-8154, CVE-2018-8159

BID: 104042, 104043, 104045, 104054, 104056

MSFT: MS18-4091243, MS18-4092041

MSKB: 4091243, 4092041