Rewterz Threat Advisory – Microsoft Exchange Server OWA Multiple Spoofing Vulnerabilities - Rewterz

Rewterz Threat Advisory – Microsoft Windows Server 2016 / Windows 10 Multiple Vulnerabilities

Rewterz Threat Advisory – Microsoft SharePoint Multiple Products Multiple Script Insertion Vulnerabilities

Rewterz Threat Advisory – Microsoft Exchange Server OWA Multiple Spoofing Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2019-0817

An error when handling web requests related to Outlook Web Access (OWA) can be exploited to spoof certain content and subsequently e.g. redirect a user to an arbitrary website.

CVE-2019-0858

Another error when handling web requests related to Outlook Web Access (OWA) can be exploited to spoof certain content and subsequently e.g. redirect a user to an arbitrary website.

Impact

Spoofing

Affected Vendors

Microsoft

Affected Products

Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019

Remediation

Vendor has released updates for the following products.

Microsoft Exchange Server 2013 Cumulative Update 22 (KB4487563):

https://www.microsoft.com/downloads/details.aspx?familyid=cdfdbe8a-01ac-412d-a4a7-ecda5bb5dd35

Microsoft Exchange Server 2016 Cumulative Update 11 (KB4487563):

https://www.microsoft.com/downloads/details.aspx?familyid=74a2878b-6978-4f3a-b1f6-bc202195fb01

Microsoft Exchange Server 2016 Cumulative Update 12 (KB4487563):

https://www.microsoft.com/downloads/details.aspx?familyid=12a706c6-6483-4948-b5a0-06ad02bd7908

Microsoft Exchange Server 2019 (KB4487563):

https://www.microsoft.com/downloads/details.aspx?familyid=05971399-0bb8-4ede-9b7d-3be188c5ddb7

Microsoft Exchange Server 2019 Cumulative Update 1 (KB4487563):

https://www.microsoft.com/downloads/details.aspx?familyid=9290c8bb-4db5-462e-9b0a-71c992dde85d

Microsoft Exchange Server 2010 Service Pack 3 (KB4491413):

https://www.microsoft.com/downloads/details.aspx?familyid=3adaa6ca-a52c-4a28-8b1d-ea1196073fea