Microsoft Patch Update has been released for Exchange 2010 SP3,2013 and 2016 as it has been using some elements from Oracle Outside in libraries and were affected by the Vulnerabilities CVE-2018-2768, CVE-2018-2806, and CVE-2018-2801. Oracle has released Microsoft Patch Update to address these aforementioned vulnerabilities and additional information can be found over here.
Microsoft’s patches
Product
|
Article
|
Download
|
Impact
|
Severity
|
---|---|---|---|---|
Microsoft Exchange Server 2010 Service Pack 3 | 4295699 | Update | None | None |
Microsoft Exchange Server 2013 | 4099855 | Update | None | None |
Microsoft Exchange Server 2016 | 4099852 | Update | None | None |
CVE-2018-2768, CVE-2018-2806, and CVE-2018-2801
The easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.
Read More – eScan Blog