Microsoft Exchange Server Spoofing Vulnerability
CVE-2024-49040
Key Information:
- Vendor
- Microsoft
- Status
- Microsoft Exchange Server 2019 Cumulative Update 13
- Microsoft Exchange Server 2019 Cumulative Update 14
- Microsoft Exchange Server 2016 Cumulative Update 23
- Vendor
- CVE Published:
- 12 November 2024
Badges
Summary
This vulnerability in Microsoft Exchange Server allows attackers to exploit the email system through spoofing techniques. By manipulating the perception of sender authenticity, unauthorized users can send malicious email communications that appear trustworthy. This compromises the integrity of email transactions and poses a threat to organizational security. Companies utilizing affected versions of Microsoft Exchange are urged to implement necessary patches and updates to safeguard against potential attacks.
Affected Version(s)
Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.044
Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.039
Microsoft Exchange Server 2019 Cumulative Update 14 x64-based Systems 15.02.0 < 15.02.1544.014
News Articles
KasperskyCVE-2024-49040Spoofing via CVE-2024-49040
Kaspersky experts have added spoofing detection technology to email protection solutions that can stop exploitation of the CVE-2024-49040 vulnerability.
1 month ago
Microsoft Exchange adds warning to emails abusing spoofing flaw
Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective.
2 months ago
References
CVSS V3.1
Timeline
- πΎ
Exploit known to exist
- π°
First article discovered by BleepingComputer
Vulnerability published