• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – Microsoft Edge Memory Corruption Multiple Vulnerabilities
December 13, 2018
Rewterz Threat Advisory – Windows Server 2012/Windows RT 8.1/8.1 multiple vulnerabilities
December 13, 2018

Rewterz Threat Advisory – CVE-2018-8604 – Microsoft Exchange Server 2016 Profile Data Manipulation Vulnerability

December 13, 2018

A vulnerability has been reported in Microsoft Exchange Server 2016, which can be exploited by people with malicious intent to cause security bypass in order to manipulate data.

 

 

IMPACT:  MEDIUM

 

 

PUBLISH DATE:  13-DEC-2018

 

 

OVERVIEW

 

 

An error when handling profile data in Microsoft Exchange Server can be exploited to manipulate profile data of another user via a specially crafted request. Updates are available that patch this vulnerability.

 

 

ANALYSIS

 

 

The tampering vulnerability is triggered when Microsoft Exchange Server fails to properly handle profile data, aka “Microsoft Exchange Server Tampering Vulnerability.” This affects Microsoft Exchange Server 2016.

 

An attacker would need to be authenticated on an affected Exchange Server in order to exploit this vulnerability. The attacker can then exploit this vulnerability by sending a specially modified request to the server, targeting a specific user. The vulnerability is therefore categorized as a Failure to Handle Exceptional Conditions.

 

It is also a security bypass vulnerability, as an attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.

 

 

AFFECTED PRODUCTS

 

 

Microsoft Exchange Server 2016

 

 

UPDATES

 

 

Apply the following updates:

 

  • For Microsoft Exchange Server 2016 Cumulative Update 10 (KB4468741):

https://www.microsoft.com/downloads/details.aspx?familyid=0c76d4d9-458d-4080-919e-c5e8849426a1

 

  • For Microsoft Exchange Server 2016 Cumulative Update 11 (KB4468741):

https://www.microsoft.com/downloads/details.aspx?familyid=655aee71-5a2e-452e-b373-f4f38f42b862

 

 

If you think you’re a victim of a cyber-attack, immediately send an e-mail to soc@rewterz.com.

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.