vulnerability
Microsoft CVE-2018-8302: Microsoft Exchange Memory Corruption Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Aug 14, 2018 | Aug 14, 2018 | Oct 15, 2018 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Aug 14, 2018
Added
Aug 14, 2018
Modified
Oct 15, 2018
Description
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.
Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.
The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.
Solutions
msft-kb4340731-236458e2-4e58-43d6-8ad4-d503e8b19347msft-kb4340731-3991be38-e267-4b86-be52-eec42ec1aa4emsft-kb4340733-590fa312-9e83-46e9-a2da-9ccebf41c868
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.