#Microsoft Exchange Server

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?** An attacker could spoof incorrect **5322.From** email address that is displayed to a user.

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

**What privileges could be gained by an attacker who successfully exploited the vulnerability within the organization’s cloud environment?** In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace. This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations.

**Is there additional information I need to know about or actions to perform after installing the update?** Yes, please see the information available in Exchange Server non-RFC compliant P2 FROM header detection.

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a specially crafted file to be placed either in an online directory or in a local network location. When a victim runs this file, it loads the malicious DLL.