Tag
#microsoft
**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker would only be able to delete targeted files on a system.
**According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?** Yes, the attacker must be authenticated.
**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user would have to open a maliciously crafted email sent to Dynamics 365 Customer Engagement.
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named **Message Queuing** and TCP port 1801 is listening on the machine.
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named **Message Queuing** and TCP port 1801 is listening on the machine.
**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?** To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which could result in a denial of service.
**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?** To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which could result in a denial of service.
**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?** To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which could result in a denial of service.
**According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?** To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. The vulnerability is triggered when a user on the target machine accesses message queuing, which could result in a denial of service.
**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory.