Test ID:	1.3.6.1.4.1.25623.1.0.815515
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Exchange Server Multiple Vulnerabilities (KB4509409)
Summary:	This host is missing an important security; update according to Microsoft KB4509409.
Description:	Summary: This host is missing an important security update according to Microsoft KB4509409. Vulnerability Insight: Multiple flaws exist due to: - An error when Exchange allows creation of entities with Display Names having non-printable characters. - An elevation of privilege error in Microsoft Exchange Server. - An error when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server. Vulnerability Impact: Successful exploitation will allow attackers to gain the same rights as any other user of the Exchange server, gain access to potentially sensitive information and perform cross-site scripting attacks on affected systems Affected Software/OS: - Microsoft Exchange Server 2016 Cumulative Update 12 - Microsoft Exchange Server 2016 Cumulative Update 13 - Microsoft Exchange Server 2013 Cumulative Update 23 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-1136 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136 Common Vulnerability Exposure (CVE) ID: CVE-2019-1084 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084 Common Vulnerability Exposure (CVE) ID: CVE-2019-1137 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.