PT-2015-2775 · Microsoft · Exchange Server Cumulative Update 8+2

Published: 2015-06-09 · Updated: 2018-10-12 · CVE-2015-1771

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server 2013 SP1; Microsoft Exchange Server Cumulative Update 8

Description: The issue is a cross-site request forgery (CSRF) vulnerability in the web applications of Microsoft Exchange Server. It allows remote attackers to hijack the authentication of arbitrary users. Exploitation requires the victim to be authenticated to the target site; the root cause is improper management of user sessions by Exchange.

Recommendations: For Microsoft Exchange Server 2013 SP1, update to a version that properly manages user sessions to prevent CSRF attacks. For Microsoft Exchange Server Cumulative Update 8, ensure that user sessions are correctly handled to mitigate the risk of elevation-of-privilege attacks. As a temporary workaround, consider implementing additional authentication measures to reduce the risk of exploitation.
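The defence the advisory calls for, a web application that ties state-changing requests to the authenticated session, can be illustrated with a small server-side check. The following is an added example written for this page; it is not code from Microsoft Exchange or from the advisory. The server secret, site origin, session and request objects are all constructed for the demo, and the form field name `csrf_token` is an assumption.

```python
"""
Added example (not from the advisory or from Microsoft Exchange): a minimal
server-side CSRF defence that binds an anti-forgery token to the user's
session and adds an Origin/Referer check as defence in depth. The session,
headers and form are plain dicts constructed here for the demonstration.
"""
import hashlib
import hmac
import secrets
from typing import Mapping, Optional
from urllib.parse import urlsplit

# Hypothetical server-side secret; a real deployment loads this from a secret store.
SERVER_SECRET = b"demo-only-secret-rotate-in-production"
# Constructed origin of the web application for the demo.
SITE_ORIGIN = "https://mail.example.test"


def issue_csrf_token(session_id: str) -> str:
    """Derive the anti-forgery token from the session id, so a token is only
    valid for the session it was issued to and cannot be replayed elsewhere."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(value: Optional[str]) -> Optional[str]:
    """Reduce an Origin header (scheme://host) or a full Referer URL to its origin."""
    if not value:
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def is_request_allowed(session: Mapping[str, str],
                       headers: Mapping[str, str],
                       form: Mapping[str, str]) -> bool:
    """Decide whether a state-changing request is accepted.

    Two independent conditions must hold:
      1. the submitted token matches the token derived for this session;
      2. the browser-supplied Origin (or Referer) is our own origin.
    A cross-site page can make the victim's browser send the session cookie,
    but it cannot read the token and cannot forge the Origin header.
    """
    session_id = session.get("id")
    if not session_id:
        return False

    submitted = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison avoids leaking the expected value via timing.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False

    source = _origin_of(headers.get("Origin")) or _origin_of(headers.get("Referer"))
    # Fail closed: a request with neither header is not accepted for writes.
    return source == SITE_ORIGIN


def demo() -> dict:
    """Run three constructed requests against the check and report the outcomes."""
    session = {"id": secrets.token_hex(16)}
    token = issue_csrf_token(session["id"])

    # Legitimate same-origin form post carrying the session's own token.
    legitimate = is_request_allowed(
        session, {"Origin": SITE_ORIGIN},
        {"csrf_token": token, "action": "update_settings"})

    # Forged cross-site post: the attacker page has no token and a foreign Origin.
    forged = is_request_allowed(
        session, {"Origin": "https://attacker.example.test"},
        {"action": "update_settings"})

    # A token issued to a different session does not transfer to this one.
    foreign_token = issue_csrf_token("some-other-session")
    cross_session = is_request_allowed(
        session, {"Origin": SITE_ORIGIN},
        {"csrf_token": foreign_token, "action": "update_settings"})

    return {"legitimate": legitimate, "forged": forged, "cross_session_token": cross_session}


if __name__ == "__main__":
    print(demo())
```

The token is derived with an HMAC rather than stored, so no server-side table of tokens is needed and the token expires together with the session. Rejecting requests that carry neither Origin nor Referer is a deliberate fail-closed choice; it can block a small number of legitimate clients with privacy-stripping proxies, which is why the token check, not the header check, is the primary control.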

Fix

CSRF

Related Identifiers

BDU:2015-12140
CVE-2015-1771

Affected Products

Exchange Server
Exchange Server 2013 SP1
Exchange Server Cumulative Update 8