vulnerability
Microsoft CVE-2018-8154: Microsoft Exchange Memory Corruption Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | May 8, 2018 | May 8, 2018 | Oct 5, 2018 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
May 8, 2018
Added
May 8, 2018
Modified
Oct 5, 2018
Description
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.
The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.
Solutions
msft-kb4091243-3d6576be-2745-4b6d-b92b-486708c4125amsft-kb4092041-a6c2e348-e8ab-4935-adf5-17027a98891cmsft-kb4092041-bf884a5b-c25b-47ed-a132-a6df393181f6msft-kb4092041-c1fd6052-a54c-4c2a-a454-3e2c9d2cf738msft-kb4458321-bd9ec536-2d3a-4ff9-be35-7d7924f4558c
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.