Msrc Microsoft Exchange Server 2013 Cumulative Update 23 vulnerabilities

57 known vulnerabilities affecting msrc/microsoft_exchange_server_2013_cumulative_update_23.

Total CVEs: 57
CISA KEV: 14 (actively exploited)
Public exploits: 24
Exploited in wild: 15
Severity breakdown: CRITICAL 15, HIGH 31, MEDIUM 11

Vulnerabilities

Page 1 of 3
CVE-2023-21529 | HIGH | CVSS 8.8 | KEV | 2023-02-14
CVE-2023-21529 [HIGH] CWE-502 Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution? The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt
msrc
CVE-2023-21706 | HIGH | CVSS 8.8 | 2023-02-14
CVE-2023-21706 [HIGH] CWE-502 Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution? The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt
msrc
CVE-2023-21707 | HIGH | CVSS 8.8 | 2023-02-14
CVE-2023-21707 [HIGH] CWE-502 Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution? The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt
msrc
CVE-2023-21762 | HIGH | CVSS 8.0 | 2023-01-10
CVE-2023-21762 [HIGH] CWE-502 Microsoft Exchange Server Spoofing Vulnerability. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared p
msrc
CVE-2022-41079 | HIGH | CVSS 8.0 | 2022-11-08
CVE-2022-41079 [HIGH] Microsoft Exchange Server Spoofing Vulnerability. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical
msrc
CVE-2022-41078 | HIGH | CVSS 8.0 | 2022-11-08
CVE-2022-41078 [HIGH] Microsoft Exchange Server Spoofing Vulnerability. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical
msrc
CVE-2022-41080 | HIGH | CVSS 8.8 | KEV | 2022-11-08
CVE-2022-41080 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability. Microsoft Exchange Server: Microsoft Exchange Server. Microsoft: Microsoft. Customer Action Required: Yes. Impact: Elevation of Privilege. Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely; DOS: N/A. Reference: https://www.microsoft.com/download/details.aspx?familyid=4342d7ed-0583-4d2c-831c-836ee8f7bf6
msrc
CVE-2022-41082 | HIGH | CVSS 8.0 | KEV | PoC | 2022-09-13
CVE-2022-41082 [HIGH] Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution? The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigg
msrc
CVE-2022-41040 | HIGH | CVSS 8.8 | KEV | PoC | 2022-09-13
CVE-2022-41040 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability. FAQ: According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be authenticated. FAQ: Do I need to take further steps to be protected from this vulnerability? Microsoft Exchange Online customers do not need to take any action. Exchange Server
msrc
CVE-2022-24477 | HIGH | CVSS 8.0 | 2022-08-09
CVE-2022-24477 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability. FAQ: According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be authenticated. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would be able to take over the mailboxes of all Ex
msrc
CVE-2022-24516 | HIGH | CVSS 8.0 | 2022-08-09
CVE-2022-24516 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability. FAQ: Why is Attack Complexity marked as High for this vulnerability? A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in execution against the vulnerable component before a successful attack can
msrc
CVE-2022-21980 | HIGH | CVSS 8.0 | 2022-08-09
CVE-2022-21980 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability. FAQ: Are there any more actions I need to take to be protected from this vulnerability? Yes. Customers running an affected version of Microsoft Exchange need to enable Extended Protection to be protected from this vulnerability. For more information, see Exchange Server Support for Windows Extended Protection. Is there more information available abo
msrc
CVE-2022-21979 | MEDIUM | CVSS 4.8 | 2022-08-09
CVE-2022-21979 [MEDIUM] Microsoft Exchange Server Information Disclosure Vulnerability. FAQ: Are there any more actions I need to take to be protected from this vulnerability? Yes. Customers running an affected version of Microsoft Exchange need to enable Extended Protection to be protected from this vulnerability. For more information, see Exchange Server Support for Windows Extended Protection. Is there more information available a
msrc
CVE-2022-30134 | MEDIUM | CVSS 6.5 | 2022-08-09
CVE-2022-30134 [MEDIUM] Microsoft Exchange Server Information Disclosure Vulnerability. FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited the vulnerability could read targeted email messages. FAQ: Are there any more actions I need to take to be protected from this vulnerability? Yes. Customers running an affected version of Microsoft Exchange need to enable Extended Protec
msrc
CVE-2022-21978 | HIGH | CVSS 8.2 | 2022-05-10
CVE-2022-21978 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability. FAQ: Do I need to take further steps to be protected from this vulnerability? Because of additional security hardening work for CVE-2022-21978, the following actions should be taken in addition to application of May 2022 security updates: For customers that have Exchange Server 2016 CU22 or CU23, or Exchange Server 2019 CU11 or CU12 installed Instal
msrc
CVE-2022-23277 | HIGH | CVSS 8.8 | PoC | 2022-03-08
CVE-2022-23277 [HIGH] Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is none (UI:N). What is the target used in the context of the remote code execution? The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigg
msrc
CVE-2022-21846 | CRITICAL | CVSS 9.0 | 2022-01-11
CVE-2022-21846 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would inc
msrc
CVE-2022-21855 | CRITICAL | CVSS 9.0 | 2022-01-11
CVE-2022-21855 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would inc
msrc
CVE-2022-21969 | CRITICAL | CVSS 9.0 | 2022-01-11
CVE-2022-21969 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would inc
msrc
CVE-2021-41349 | MEDIUM | CVSS 6.5 | Exploited | PoC | 2021-11-09
CVE-2021-41349 [MEDIUM] Microsoft Exchange Server Spoofing Vulnerability. Microsoft Exchange Server: Microsoft Exchange Server. Microsoft: Microsoft. Customer Action Required: Yes. Impact: Spoofing. Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely. Reference: http://www.microsoft.com/download/details.aspx?familyid=8ef4e237-7007-4e30-9525-75ae6e66bb41
msrc