A vulnerability has been reported in Microsoft Exchange Server 2016, which can be exploited by people with malicious intent to cause security bypass in order to manipulate data.
PUBLISH DATE: 13-DEC-2018
An error when handling profile data in Microsoft Exchange Server can be exploited to manipulate profile data of another user via a specially crafted request. Updates are available that patch this vulnerability.
The tampering vulnerability is triggered when Microsoft Exchange Server fails to properly handle profile data, aka “Microsoft Exchange Server Tampering Vulnerability.” This affects Microsoft Exchange Server 2016.
An attacker would need to be authenticated on an affected Exchange Server in order to exploit this vulnerability. The attacker can then exploit this vulnerability by sending a specially modified request to the server, targeting a specific user. The vulnerability is therefore categorized as a Failure to Handle Exceptional Conditions.
It is also a security bypass vulnerability, as an attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Microsoft Exchange Server 2016
Apply the following updates:
If you think you’re a victim of a cyber-attack, immediately send an e-mail to firstname.lastname@example.org.