Endpoint Vulnerability

Microsoft Exchange Information Disclosure Vulnerability

Description

An input sanitization issue exists with Microsoft Exchange that could potentially result in unintended Information Disclosure. An attacker who successfully exploited the vulnerability could identify the existence of RFC1918 addresses on the local network from a client on the Internet. An attacker could use this internal host information as part of a larger attack.

Affected Products

Microsoft Exchange Server 2013 Cumulative Update 16,Microsoft Exchange Server 2013 Cumulative Update 17,Microsoft Exchange Server 2013 Service Pack 1,Microsoft Exchange Server 2016 Cumulative Update 5,Microsoft Exchange Server 2016 Cumulative Update 6

References

CVE-2017-11761,