vulnerability
Microsoft CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jul 9, 2019 | Jul 9, 2019 | Jul 24, 2019 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Jul 9, 2019
Added
Jul 9, 2019
Modified
Jul 24, 2019
Description
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters.
An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible.
This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.
Solutions
msft-kb4464558-4e110483-681c-4dc7-bf4e-daca751b8e0emsft-kb4464558-7506bb51-1312-41ab-a838-d6d717bcb0b4msft-kb4464592-65c43554-8f8a-4c41-95b7-01af93b44b86msft-kb4464592-e0b4a241-d1ff-4160-91d4-7ffa4a9edc8bmsft-kb4475509-842e8ac2-4bd0-4890-8ab3-bce4d007d1f3msft-kb4475509-bf1ab9f0-4648-4955-8ae6-6785ab1769demsft-kb4475519-04a79f7a-b939-4cc3-a393-f1d050747cc1msft-kb4475519-76a021e1-d0ff-45ac-8b45-52c2000c92cbmsft-kb4509409-508db76e-9534-4400-a3fb-b51e27df7374msft-kb4509410-59d60b6f-3e17-410e-8dee-f0d8b23420e7
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.