CVE-2019-1084

Description

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.

Affected products

• Microsoft / Mail and Calendarunspecified – unspecified
• Microsoft / Microsoft Exchange Server2010 Service Pack 3 – 2010 Service Pack 3
• Microsoft / Microsoft Exchange Server 2013Cumulative Update 23 – Cumulative Update 23
• Microsoft / Microsoft Exchange Server 2016Cumulative Update 13 – Cumulative Update 13
• Microsoft / Microsoft Exchange Server 2016Cumulative Update 12 – Cumulative Update 12
• Microsoft / Microsoft Exchange Server 2019Cumulative Update 2 – Cumulative Update 2
• Microsoft / Microsoft Exchange Server 2019Cumulative Update 1 – Cumulative Update 1
• Microsoft / Microsoft Lync2013 Service Pack 1 (64-bit) – 2013 Service Pack 1 (64-bit)
• Microsoft / Microsoft Lync2013 Service Pack 1 (32-bit) – 2013 Service Pack 1 (32-bit)
• Microsoft / Microsoft Lync Basic2013 Service Pack 1 (64-bit) – 2013 Service Pack 1 (64-bit)
• Microsoft / Microsoft Lync Basic2013 Service Pack 1 (32-bit) – 2013 Service Pack 1 (32-bit)
• Microsoft / Microsoft Office2016 (32-bit edition) – 2016 (32-bit edition)
• Microsoft / Microsoft Office2016 (64-bit edition) – 2016 (64-bit edition)
• Microsoft / Microsoft Office2019 for 32-bit editions – 2019 for 32-bit editions
• Microsoft / Microsoft Office2019 for 64-bit editions – 2019 for 64-bit editions
• Microsoft / Microsoft Office2019 for Mac – 2019 for Mac
• Microsoft / Microsoft Office2013 Service Pack 1 (32-bit editions) – 2013 Service Pack 1 (32-bit editions)
• Microsoft / Microsoft Office2013 RT Service Pack 1 – 2013 RT Service Pack 1
• Microsoft / Microsoft Office2016 for Mac – 2016 for Mac
• Microsoft / Microsoft Office2013 Service Pack 1 (64-bit editions) – 2013 Service Pack 1 (64-bit editions)
• Microsoft / Microsoft Outlook2013 Service Pack 1 (64-bit editions) – 2013 Service Pack 1 (64-bit editions)
• Microsoft / Microsoft Outlook2010 Service Pack 2 (32-bit editions) – 2010 Service Pack 2 (32-bit editions)
• Microsoft / Microsoft Outlook2010 Service Pack 2 (64-bit editions) – 2010 Service Pack 2 (64-bit editions)
• Microsoft / Microsoft Outlook2016 (32-bit edition) – 2016 (32-bit edition)
• Microsoft / Microsoft Outlook2016 (64-bit edition) – 2016 (64-bit edition)
• Microsoft / Microsoft Outlook2013 Service Pack 1 (32-bit editions) – 2013 Service Pack 1 (32-bit editions)
• Microsoft / Microsoft Outlook for Androidunspecified – unspecified
• Microsoft / Office 365 ProPlus32-bit Systems – 32-bit Systems
• Microsoft / Office 365 ProPlus64-bit Systems – 64-bit Systems
• Microsoft / Outlook for iOSunspecified – unspecified
• Microsoft / Skype for Business2016 (32-bit) – 2016 (32-bit)
• Microsoft / Skype for Business2016 (64-bit) – 2016 (64-bit)
• Microsoft / Skype for Business Basic2016 (32-bit) – 2016 (32-bit)
• Microsoft / Skype for Business Basic2016 (64-bit) – 2016 (64-bit)

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084