SB2016091306 - Security Update for Microsoft Exchange Server

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) Remote code execution (CVE-ID: CVE-2016-3575)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

2) Remote code execution (CVE-ID: CVE-2016-3581)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

3) Remote code execution (CVE-ID: CVE-2016-3582)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

4) Remote code execution (CVE-ID: CVE-2016-3583)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

5) Remote code execution (CVE-ID: CVE-2016-3595)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

6) Remote code execution (CVE-ID: CVE-2016-3594)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

7) Remote code execution (CVE-ID: CVE-2015-6014)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

8) Remote code execution (CVE-ID: CVE-2016-3593)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

9) Remote code execution (CVE-ID: CVE-2016-3592)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

10) Remote code execution (CVE-ID: CVE-2016-3596)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

11) Remote code execution (CVE-ID: CVE-2016-3591)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

12) Information disclosure (CVE-ID: CVE-2016-3574)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can gain access to potentially sensitive data.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

13) Denial of service (CVE-ID: CVE-2016-3576)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can access data, partially modify data, and partially deny service on the system.

Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.

14) Denial of service (CVE-ID: CVE-2016-3577)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can access data, partially modify data, and partially deny service on the system.

Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.

15) Denial of service (CVE-ID: CVE-2016-3578)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can access data, partially modify data, and partially deny service on the system.

Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.

16) Denial of service (CVE-ID: CVE-2016-3579)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can access data, partially modify data, and partially deny service on the system.

Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.

17) Denial of service (CVE-ID: CVE-2016-3580)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can access data, partially modify data, and partially deny service on the system.

Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.

18) Denial of service (CVE-ID: CVE-2016-3590)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to a flaw in the Outside In Technology Outside In Filters component. A remote attacker can access data, partially modify data, and partially deny service on the system.

Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.

Remediation

Install update from vendor's website.

References

• https://technet.microsoft.com/en-us/library/security/ms16-108.aspx