(MS14-075) Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)

  Severity: HIGH
  CVE Identifier: CVE-2014-6319
  Advisory Date: DEC 10, 2014

  DESCRIPTION

This security update resolves four privately reported vulnerabilities in Microsoft Exchange Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web App site. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website, and then convince them to click the specially crafted URL.

  TREND MICRO PROTECTION INFORMATION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft Exchange Server 2007 Service Pack 3
  • Microsoft Exchange Server 2010 Service Pack 3
  • Microsoft Exchange Server 2013 Service Pack 1
  • Microsoft Exchange Server 2013 Cumulative Update 6