First published: Wed May 09 2018(Updated: )
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Exchange Server | =2010-sp3 | |
Microsoft Exchange Server | =2013-cumulative_update_19 | |
Microsoft Exchange Server | =2013-cumulative_update_20 | |
Microsoft Exchange Server | =2013-sp1 | |
Microsoft Exchange Server | =2016-cumulative_update_8 | |
Microsoft Exchange Server | =2016-cumulative_update_9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-8154 is rated as critical due to its potential for remote code execution.
To fix CVE-2018-8154, apply the security update released by Microsoft for your specific version of Exchange Server.
CVE-2018-8154 affects Microsoft Exchange Server 2010 SP3, 2013 with cumulative updates 19 and 20, and 2016 with cumulative updates 8 and 9.
Exploiting CVE-2018-8154 could allow an attacker to execute arbitrary code on the affected Exchange Server.
There are no known workarounds for CVE-2018-8154; applying the appropriate security update is critical.