Msrc Microsoft Exchange Server 2016 Cumulative Update 10 vulnerabilities

CVE-2021-26855 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange

CVE-2021-26857 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange

CVE-2021-27065 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange

CVE-2021-26858 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange

CVE-2019-0586 [CRITICAL] Microsoft Exchange Memory Corruption Vulnerability Microsoft Exchange Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts. Exploitat

CVE-2019-0588 [MEDIUM] Microsoft Exchange Information Disclosure Vulnerability Microsoft Exchange Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended. To exploit this vulnerability, an attacker would need to be granted contributor access to an Exchange Calendar by an administrator via PowerShell. The attacker would then be able to view addition

CVE-2018-8604 [MEDIUM] Microsoft Exchange Server Tampering Vulnerability Microsoft Exchange Server Tampering Vulnerability Description: A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected Exchange Server. The attacker would then need to send a specially mod

CVE-2018-8265 [HIGH] Microsoft Exchange Remote Code Execution Vulnerability Microsoft Exchange Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the system user. An attacker could then install programs; view, change, add, or delete data. To exploit this vulnerability, an att

CVE-2018-8448 [MEDIUM] Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. To exploit the vulnerability

CVE-2018-8302 [CRITICAL] Microsoft Exchange Memory Corruption Vulnerability Microsoft Exchange Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts. Exploitat

CVE-2018-8374 [MEDIUM] Microsoft Exchange Server Tampering Vulnerability Microsoft Exchange Server Tampering Vulnerability Description: A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected Exchange Server. The attacker would then need to send a specially mod