Endpoint Vulnerability

Microsoft Exchange Spoofing Vulnerability

Description

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.

Affected Products

Microsoft Exchange Server 2016 Cumulative Update 6,Microsoft Exchange Server 2016 Cumulative Update 7

References

CVE-2017-11932,