vulnerability
Microsoft CVE-2019-1084: Microsoft Exchange Information Disclosure Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jul 9, 2019 | Jul 9, 2019 | Jul 24, 2019 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Jul 9, 2019
Added
Jul 9, 2019
Modified
Jul 24, 2019
Description
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters.
An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible.
This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients.
Solutions
msft-kb4464558-4e110483-681c-4dc7-bf4e-daca751b8e0emsft-kb4464558-7506bb51-1312-41ab-a838-d6d717bcb0b4msft-kb4464592-65c43554-8f8a-4c41-95b7-01af93b44b86msft-kb4464592-e0b4a241-d1ff-4160-91d4-7ffa4a9edc8bmsft-kb4475509-842e8ac2-4bd0-4890-8ab3-bce4d007d1f3msft-kb4475509-bf1ab9f0-4648-4955-8ae6-6785ab1769demsft-kb4475519-04a79f7a-b939-4cc3-a393-f1d050747cc1msft-kb4475519-76a021e1-d0ff-45ac-8b45-52c2000c92cbmsft-kb4509409-508db76e-9534-4400-a3fb-b51e27df7374msft-kb4509410-59d60b6f-3e17-410e-8dee-f0d8b23420e7
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.