Microsoft Exchange Server Spoofing Vulnerability
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Exchange_server | Microsoft | 2016 (including) | 2016 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_1 (including) | 2016-cumulative_update_1 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_10 (including) | 2016-cumulative_update_10 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_11 (including) | 2016-cumulative_update_11 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_12 (including) | 2016-cumulative_update_12 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_13 (including) | 2016-cumulative_update_13 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_14 (including) | 2016-cumulative_update_14 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_15 (including) | 2016-cumulative_update_15 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_16 (including) | 2016-cumulative_update_16 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_17 (including) | 2016-cumulative_update_17 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_18 (including) | 2016-cumulative_update_18 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_19 (including) | 2016-cumulative_update_19 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_2 (including) | 2016-cumulative_update_2 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_20 (including) | 2016-cumulative_update_20 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_21 (including) | 2016-cumulative_update_21 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_22 (including) | 2016-cumulative_update_22 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_3 (including) | 2016-cumulative_update_3 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_4 (including) | 2016-cumulative_update_4 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_5 (including) | 2016-cumulative_update_5 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_6 (including) | 2016-cumulative_update_6 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_7 (including) | 2016-cumulative_update_7 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_8 (including) | 2016-cumulative_update_8 (including) |
| Exchange_server | Microsoft | 2016-cumulative_update_9 (including) | 2016-cumulative_update_9 (including) |
| Exchange_server | Microsoft | 2019 (including) | 2019 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_1 (including) | 2019-cumulative_update_1 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_10 (including) | 2019-cumulative_update_10 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_11 (including) | 2019-cumulative_update_11 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_12 (including) | 2019-cumulative_update_12 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_2 (including) | 2019-cumulative_update_2 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_3 (including) | 2019-cumulative_update_3 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_4 (including) | 2019-cumulative_update_4 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_5 (including) | 2019-cumulative_update_5 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_6 (including) | 2019-cumulative_update_6 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_7 (including) | 2019-cumulative_update_7 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_8 (including) | 2019-cumulative_update_8 (including) |
| Exchange_server | Microsoft | 2019-cumulative_update_9 (including) | 2019-cumulative_update_9 (including) |
If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist. For example, if the UI is used to monitor the security state of a system or network, then omitting or obscuring an important indicator could prevent the user from detecting and reacting to a security-critical event. UI misrepresentation can take many forms: