(MS13-061) Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
Publish date: August 16, 2013
Severity: CRITICAL
CVE Identifier: CVE-2013-2393,CVE-2013-3776,CVE-2013-3781
Advisory Date: AUG 16, 2013
DESCRIPTION
This security update resolves three publicly disclosed vulnerabilities in Microsoft Exchange Server. The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing uses the credentials of the LocalService account. The Data Loss Prevention feature hosts code that could allow remote code execution in the security context of the Filtering Management service if a specially crafted message is received by the Exchange server. The Filtering Management service in Exchange uses the credentials of the LocalService account. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.
SOLUTION
AFFECTED SOFTWARE AND VERSION
- Microsoft Exchange Server 2010 Service Pack 2
- Microsoft Exchange Server 2010 Service Pack 3
- Microsoft Exchange Server 2013 Cumulative Update 2
- Microsoft Exchange Server 2013 Cumulative Update 1
- Microsoft Exchange Server 2007 Service Pack 3
Featured Stories
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
- A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
- How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
- Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more