MSRC Microsoft Exchange Server 2016 Cumulative Update 23 vulnerabilities

54 known vulnerabilities affecting msrc/microsoft_exchange_server_2016_cumulative_update_23.

Total CVEs: 54
CISA KEV: 5 (actively exploited)
Public exploits: 2
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 43, MEDIUM 9

Vulnerabilities

Page 1 of 3
CVE-2026-21527 | MEDIUM | CVSS 6.5 | 2026-02-10
CVE-2026-21527 [MEDIUM] CWE-451 Microsoft Exchange Server Spoofing Vulnerability. Description: User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). W
msrc
CVE-2025-64666 | HIGH | CVSS 7.5 | 2025-12-09
CVE-2025-64666 [HIGH] CWE-20 Microsoft Exchange Server Elevation of Privilege Vulnerability. Description: Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional acti
msrc
CVE-2025-64667 | MEDIUM | CVSS 5.3 | 2025-12-09
CVE-2025-64667 [MEDIUM] CWE-451 Microsoft Exchange Server Spoofing Vulnerability. Description: User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A
msrc
CVE-2025-59249 | HIGH | CVSS 8.8 | 2025-10-14
CVE-2025-59249 [HIGH] CWE-1390 Microsoft Exchange Server Elevation of Privilege Vulnerability. Description: Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would be able to take over the mailboxes of all Exchange users, attackers can send emails, read emai
msrc
CVE-2025-59248 | HIGH | CVSS 7.5 | 2025-10-14
CVE-2025-59248 [HIGH] CWE-20 Microsoft Exchange Server Spoofing Vulnerability. Description: Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Microsoft Exchange Server: Microsoft Exchange Server Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely Reference
msrc
CVE-2025-53782 | HIGH | CVSS 8.4 | 2025-10-14
CVE-2025-53782 [HIGH] CWE-303 Microsoft Exchange Server Elevation of Privilege Vulnerability. Description: Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially craft
msrc
CVE-2025-33051 | HIGH | CVSS 7.5 | 2025-08-12
CVE-2025-33051 [HIGH] CWE-200 Microsoft Exchange Server Information Disclosure Vulnerability. Description: Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulner
msrc
CVE-2025-53786 | HIGH | CVSS 8.0 | 2025-08-12
CVE-2025-53786 [HIGH] CWE-287 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability. Description: On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft ident
msrc
CVE-2025-25006 | MEDIUM | CVSS 5.3 | 2025-08-12
CVE-2025-25006 [MEDIUM] CWE-167 Microsoft Exchange Server Spoofing Vulnerability. Description: Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does
msrc
CVE-2025-25005 | MEDIUM | CVSS 6.5 | 2025-08-12
CVE-2025-25005 [MEDIUM] CWE-20 Microsoft Exchange Server Tampering Vulnerability. Description: Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. Microsoft Exchange Server: Microsoft Exchange Server Microsoft: Microsoft Customer Action Required: Yes Impact: Tampering Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely Refer
msrc
CVE-2025-25007 | MEDIUM | CVSS 5.3 | 2025-08-12
CVE-2025-25007 [MEDIUM] CWE-1286 Microsoft Exchange Server Spoofing Vulnerability. Description: Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). Wh
msrc
CVE-2024-49040 | HIGH | CVSS 7.5 | 2024-11-12
CVE-2024-49040 [HIGH] CWE-451 Microsoft Exchange Server Spoofing Vulnerability. FAQ: Is there additional information I need to know about or actions to perform after installing the update? Yes. Please see the information available in Exchange Server non-RFC compliant P2 FROM header detection. FAQ: Why are the Exchange Server updates no longer available on the download center? Microsoft has temporarily paused the rollout of this update. Please see
msrc
CVE-2024-26198 | HIGH | CVSS 8.8 | 2024-03-12
CVE-2024-26198 [HIGH] CWE-426 Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could exploit the vulnerability by placing a specially crafted file onto an online directory or in a local network location then convincing the user to open it. In a successful attack, this will then load a malicious DLL which could lead to a remote code executi
msrc
CVE-2024-21410 | CRITICAL | CVSS 9.8 | KEV | 2024-02-13
CVE-2024-21410 [CRITICAL] CWE-287 Microsoft Exchange Server Elevation of Privilege Vulnerability. FAQ: Where can I find more information about NTLM relay attacks? Download Mitigating Pass the Hash (PtH) Attacks and Other Credential Theft, Version 1 and 2. This document discusses Pass-the-Hash (PtH) attacks against the Windows operating systems and provides holistic planning strategies that, when combined with the Windows security fea
msrc
CVE-2023-36050 | HIGH | CVSS 8.0 | 2023-11-14
CVE-2023-36050 [HIGH] CWE-502 Microsoft Exchange Server Spoofing Vulnerability. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be aut
msrc
CVE-2023-36439 | HIGH | CVSS 8.0 | 2023-11-14
CVE-2023-36439 [HIGH] CWE-502 Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: How could an attacker exploit this vulnerability? For the vulnerability to be exploited, the attacker would need to be authenticated as a valid exchange user. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An authenticated attacker could gain remote code execution rights on the server ma
msrc
CVE-2023-36039 | HIGH | CVSS 8.0 | 2023-11-14
CVE-2023-36039 [HIGH] CWE-502 Microsoft Exchange Server Spoofing Vulnerability. FAQ: How could an attacker exploit this vulnerability? An authenticated attacker could achieve exploitation by using a PowerShell remoting session to the server. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: According
msrc
CVE-2023-36035 | HIGH | CVSS 8.0 | 2023-11-14
CVE-2023-36035 [HIGH] CWE-502 Microsoft Exchange Server Spoofing Vulnerability. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack aga
msrc
CVE-2023-36778 | HIGH | CVSS 8.0 | 2023-10-10
CVE-2023-36778 [HIGH] CWE-426 Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. FAQ: How could an attacker exploit this vulnerability? An authenticated attacker who is on the same intranet as the Exchange server can achieve remote
msrc
CVE-2023-36745 | HIGH | CVSS 8.0 | 2023-09-12
CVE-2023-36745 [HIGH] CWE-502 Microsoft Exchange Server Remote Code Execution Vulnerability. FAQ: According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server? Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user. FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead
msrc