Msrc Microsoft Exchange Server 2016 Cumulative Update 12 vulnerabilities

CVE-2021-26855 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange

CVE-2021-26857 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange

CVE-2021-27065 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange

CVE-2021-26858 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Remote Code Execution Vulnerability FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange

CVE-2019-1233 [HIGH] Microsoft Exchange Denial of Service Vulnerability Microsoft Exchange Denial of Service Vulnerability Description: A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange s

CVE-2019-1266 [MEDIUM] Microsoft Exchange Spoofing Vulnerability Microsoft Exchange Spoofing Vulnerability Description: A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could

CVE-2019-1136 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability

CVE-2019-1137 [MEDIUM] Microsoft Exchange Server Spoofing Vulnerability Microsoft Exchange Server Spoofing Vulnerability Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected server. The attacker who successfully exploited the vulnerability could then perf

CVE-2019-1084 [MEDIUM] Microsoft Exchange Information Disclosure Vulnerability Microsoft Exchange Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by vali

CVE-2019-0817 [MEDIUM] Microsoft Exchange Spoofing Vulnerability Microsoft Exchange Spoofing Vulnerability Description: A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could

CVE-2019-0858 [MEDIUM] Microsoft Exchange Spoofing Vulnerability Microsoft Exchange Spoofing Vulnerability Description: A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could

CVE-2019-0686 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other users. Exploitation of this vulnerability

CVE-2019-0724 [HIGH] Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as a Domain Administrator. Exploitation of this vulnerability requires Exchange Web Services (EWS) and Push Notifications to be enabled and in use in an affected environment. To