Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS14-008.

Impact

Successful exploitation will allow an attacker to run arbitrary code via a specially crafted email message and compromise a vulnerable system. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/bulletin/ms14-008

Insight

The flaw is due to an unspecified error when parsing mail content.

Affected

Microsoft Forefront Protection 2010 for Exchange Server

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://secunia.com/advisories/56788
https://support.microsoft.com/kb/2927022
https://technet.microsoft.com/en-us/security/bulletin/ms14-008

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0294
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (937143)
Consent User Interface Privilege Escalation Vulnerability (2442962)
Cumulative Security Update for Internet Explorer (939653)
ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)

Take action and discover your vulnerabilities