Security
Headlines
HeadlinesLatestCVEs

Tag

#Microsoft Exchange Server

CVE-2024-49040: Microsoft Exchange Server Spoofing Vulnerability

**Is there additional information I need to know about or actions to perform after installing the update?** Yes, please see the information available in Exchange Server non-RFC compliant P2 FROM header detection.

Microsoft Security Response Center
#vulnerability#microsoft#Microsoft Exchange Server#Security Vulnerability
CVE-2024-26198: Microsoft Exchange Server Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a specially crafted file to be placed either in an online directory or in a local network location. When a victim runs this file, it loads the malicious DLL.

CVE-2024-21410: Microsoft Exchange Server Elevation of Privilege Vulnerability

**Where can I find more information about NTLM relay attacks?** Download Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2. This document discusses Pass-the-Hash (PtH) attacks against the Windows operating systems and provides holistic planning strategies that, when combined with the Windows security features, will provide a more effective defense against pass-the-hash attacks.

CVE-2023-36035: Microsoft Exchange Server Spoofing Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.

CVE-2023-36050: Microsoft Exchange Server Spoofing Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?** Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.

CVE-2023-36039: Microsoft Exchange Server Spoofing Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.

CVE-2023-36439: Microsoft Exchange Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** For the vulnerability to be exploited, the attacker would need to be authenticated as a valid exchange user.

CVE-2023-36778: Microsoft Exchange Server Remote Code Execution Vulnerability

**What can cause this vulnerability?** The vulnerability occurs due to improper validation of cmdlet arguments. **Does the attacker need to be in an authenticated role in the Exchange Server?** Yes, the attacker must be authenticated.

CVE-2023-36777: Microsoft Exchange Server Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.

CVE-2023-36744: Microsoft Exchange Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** In a network-based attack, an attacker could trigger malicious code in the context of the server's account through a network call.