CVE-2019-0586

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0586

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.

---
Is Vamsoft aware if we can block such mails or do they attack prior to spam filtering?

by christopher.low 3 months ago

@christopher.low: Unfortunately Microsoft has not disclosed any more details of the vulnerability than what is published in the security update guide, so we do not know how the exploit works or what the email contains exactly. We recommend that you install the update as soon as possible.

The update rollup can be found at:
https://support.microsoft.com/en-us/help/4471389/description-of-the-security-update-for-microsoft-exchange-server-2019

by Daniel Novak (Vamsoft) 3 months ago