Spoofing Vulnerability Affects Microsoft Exchange Server
CVE-2023-21745

8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 11
Vendor
CVE Published:
10 January 2023

Badges

👾 Exploit Exists📰 News Worthy

Summary

The Microsoft Exchange Server spoofing vulnerability allows an attacker to impersonate legitimate users by manipulating email messages. This exploitation takes advantage of specific configurations within Microsoft Exchange, potentially leading to unauthorized access or the spread of malicious content. Organizations using affected versions of Microsoft Exchange should prioritize remediation to safeguard their email communication and maintain user trust.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.017

Microsoft Exchange Server 2019 Cumulative Update 11 x64-based Systems 15.02.0 < 15.02.0986.037

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.021

News Articles

favicon imageBornCity

Exchange Server Security Updates (January 10, 2023)

[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of January 10, 2023. These security updates close two vulnerabilities (Elevation of Privilege and Spoofing) in this software. These updates should be installed on systems in a t...

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by BornCity

  • Vulnerability published

  • Vulnerability Reserved

.