Rewterz Threat Advisory – Microsoft Windows Server 2016 / Windows 10 Multiple Vulnerabilities
April 11, 2019Rewterz Threat Advisory – Microsoft SharePoint Multiple Products Multiple Script Insertion Vulnerabilities
April 11, 2019Severity
Medium
Analysis Summary
CVE-2019-0817
An error when handling web requests related to Outlook Web Access (OWA) can be exploited to spoof certain content and subsequently e.g. redirect a user to an arbitrary website.
CVE-2019-0858
Another error when handling web requests related to Outlook Web Access (OWA) can be exploited to spoof certain content and subsequently e.g. redirect a user to an arbitrary website.
Impact
- Spoofing
Affected Vendors
Microsoft
Affected Products
- Microsoft Exchange Server 2010
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
Remediation
Vendor has released updates for the following products.
- Microsoft Exchange Server 2013 Cumulative Update 22 (KB4487563):
https://www.microsoft.com/downloads/details.aspx?familyid=cdfdbe8a-01ac-412d-a4a7-ecda5bb5dd35
- Microsoft Exchange Server 2016 Cumulative Update 11 (KB4487563):
https://www.microsoft.com/downloads/details.aspx?familyid=74a2878b-6978-4f3a-b1f6-bc202195fb01
- Microsoft Exchange Server 2016 Cumulative Update 12 (KB4487563):
https://www.microsoft.com/downloads/details.aspx?familyid=12a706c6-6483-4948-b5a0-06ad02bd7908
- Microsoft Exchange Server 2019 (KB4487563):
https://www.microsoft.com/downloads/details.aspx?familyid=05971399-0bb8-4ede-9b7d-3be188c5ddb7
- Microsoft Exchange Server 2019 Cumulative Update 1 (KB4487563):
https://www.microsoft.com/downloads/details.aspx?familyid=9290c8bb-4db5-462e-9b0a-71c992dde85d
- Microsoft Exchange Server 2010 Service Pack 3 (KB4491413):
https://www.microsoft.com/downloads/details.aspx?familyid=3adaa6ca-a52c-4a28-8b1d-ea1196073fea