CERT-In Vulnerability Note
Microsoft Exchange Server Outlook Web Access Security Bypass Vulnerability
Original Issue Date: March 15, 2017
Severity Rating: MEDIUM
- Microsoft Exchange Server 2013 Cumulative Update 14
- Microsoft Exchange Server 2013 SP1
- Microsoft Exchange Server 2016 Cumulative Update 3
A vulnerability has been reported in Microsoft Exchange Outlook Web Access (OWA) which could be exploited by a remote attacker to gain elevated privileges to access sensitive information.
This vulnerability exists due to improper handling of web requests by the affected software. A remote attacker could exploit this vulnerability by sending a crafted email message containing a malicious link to the targeted user and persuading the user to click the link.
Successful exploitation of this vulnerability could allow a remote attacker to perform script/content injection attacks and entice the user into disclosing sensitive information.
Apply appropriate patches as mentioned in Microsoft Security Bulletin
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003