|CERT-In Vulnerability Note
Microsoft Exchange Server Tampering Vulnerability
Original Issue Date:December 12, 2018
Severity Rating: MEDIUM
- Microsoft Exchange Server 2016 Cumulative Update 10
- Microsoft Exchange Server 2016 Cumulative Update 11
A vulnerability has been reported in Microsoft Exchange Server,which could allow an attacker to bypass security restrictions and gain unauthorized accesson the targeted system.
This vulnerability exists in Microsoft Exchange Server due to improper handling of user profile data. An attacker could exploit this vulnerability bysending a specially crafted requestto the affected system, targeting a specific user.
Successful exploitation of this vulnerability could allow an attacker tomodify the targeted user's profile data.
Apply appropriate updates as mentioned in the Microsoft Security Advisory
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003