Important 2018-05 archive

Executive Summary

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. To exploit the vulnerability, an attacker could send a specially crafted email message containing a specific malicious script. The user would have to apply a highlight to the script for it to be activated. The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Elevation of Privilege
Released May 8 2018
Last Updated May 8 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

4 affected products
Product KB Article Severity Impact Restart Required
Microsoft Exchange Server 2013 Cumulative Update 19 4092041 (Security Update) Important Elevation of Privilege Maybe
Microsoft Exchange Server 2013 Cumulative Update 20 4092041 (Security Update) Important Elevation of Privilege Maybe
Microsoft Exchange Server 2016 Cumulative Update 8 4092041 (Security Update) Important Elevation of Privilege Maybe
Microsoft Exchange Server 2016 Cumulative Update 9 4092041 (Security Update) Important Elevation of Privilege Maybe

Patches

1 patch
Article Type Restart
4092041 Security Update Maybe

Known Exploits

Acknowledgments

Adrian Ivascu