Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.0666
MS17-015 - Important: Security Update for Microsoft Exchange
Server (4013242)
15 March 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Exchange Server
Publisher: Microsoft
Operating System: Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Impact/Access: Increased Privileges -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2017-0110
Original Bulletin:
https://technet.microsoft.com/en-us/library/security/MS17-015
- --------------------------BEGIN INCLUDED TEXT--------------------
Microsoft Security Bulletin MS17-015: Security Update for Microsoft Exchange
Server (4013242)
Bulletin Number: MS17-015
Bulletin Title: Security Update for Microsoft Exchange Server
Severity: Important
KB Article: 4013242
Version: 1.0
Published Date: 14/03/2017
Executive Summary
This security update resolves a vulnerability in Microsoft Exchange Outlook
Web Access (OWA).
The vulnerability could allow remote code execution in Exchange Server if an
attacker sends an email with a specially crafted attachment to a vulnerable
Exchange server.
This security update is rated Important for all supported editions of
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016. For more
information, see the Affected Software and Vulnerability Severity Ratings
section.
The security update addresses the vulnerability by correcting how Microsoft
Exchange validates web requests.
For more information about the vulnerability, see the Vulnerability
Information section.
For more information about this update, see Microsoft Knowledge Base Article
4013242.
Affected Software
Executive Summary
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Vulnerability Information
Microsoft Exchange Elevation of Privilege Vulnerability CVE-2017-0110
An elevation of privilege vulnerability exists in the way that Microsoft
Exchange Outlook Web Access (OWA) fails to properly handle web requests.To
exploit the vulnerability, an attacker who successfully exploited this
vulnerability could, perform script/content injection attacks, and attempt to
trick the user into disclosing sensitive information.
An attacker could exploit the vulnerability by sending a specially crafted
email, containing a malicious link, to a user. Alternatively, an attacker
could use a chat client to social engineer a user into clicking on the
malicious link.
The security update addresses the vulnerability by correcting how Microsoft
Exchange validates web requests.
NOTE: For this vulnerability to be exploited, a user must click on a
maliciously crafted link from an attacker.
Mitigating Factors
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
Microsoft has not identified any workarounds for this vulnerability.
Security Update Deployment
For Security Update Deployment information, see the Microsoft Knowledge Base
article referenced here in the Executive Summary.
Acknowledgments
Microsoft recognizes the efforts of those in the security community who help
us protect customers through coordinated vulnerability disclosure. See
Acknowledgments for more information.
Disclaimer
The information provided in the Microsoft Knowledge Base is provided "as is"
without warranty of any kind. Microsoft disclaims all warranties, either
express or implied, including the warranties of merchantability and fitness
for a particular purpose. In no event shall Microsoft Corporation or its
suppliers be liable for any damages whatsoever including direct, indirect,
incidental, consequential, loss of business profits or special damages, even
if Microsoft Corporation or its suppliers have been advised of the possibility
of such damages. Some states do not allow the exclusion or limitation of
liability for consequential or incidental damages so the foregoing limitation
may not apply
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWMiHCox+lLeg9Ub1AQgNCQ//aosgWHyhuQ06zRvo/DPwQCKi1HgePNZX
m+97MJ3KyTGHIEUUK0X5PIZxKOo88GtCg3QWTG6FRTzStlUMwnR65mSIHYd5SfBe
2JZ4xwRdyfK6nGD7oD3YDsKKqfhvQMAmkxQOFj2ksXLcb7NxDsy7k4qxsNvYhVE4
LnCh9Sxef2zhpl/A9CUNd514CczVWy2rnsutE7zLSn2s8aNb5iGW8k0q8yx3SH1O
zpRNxrkiCaxWdmJB1fHOPDRW5q6bvHUcOP20O/QgN6N35M2ustk1EdTasFlurtYw
tLm5QGo6Vuh2R6/T3auqxLMP8L4vu3DG9JFT4unwkVa6pFUjJs4cTut+1N16IS0Y
56os3wy1gVdYUGenONIJcSCwZYnqup4gTiO8zkInnpFBHhw1ulvRoY/y5gyCcnC0
NUQZ4ulitzdnV4w/yLZ2WIgxEs+yan07dRyjw2mf8lNimftxCM6zB8QlEPefOsvi
IdWD24nZIlktGug4RUWU+ydrwVfVWtuaQHWQAdZ3pWsbaIYDhnwWZ2b6AgdaBso+
/3PcX7l/ms2nmjF5oksBjsHoYMQ0hWIQg3i9zAYu9pLGjoWaIFTzdXK7zMwisIcu
bjMnXD/lDgEheFiqcb0Nx1jBWAbTRREh9NXHQeN6p2joFxYHKyrEhUxbvDeeV3y8
unYwj1idLYY=
=4jsM
-----END PGP SIGNATURE-----