CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS16-010 | Security Update in Microsoft Exchange Server to Address Spoofing (3124557) | Microsoft Exchange | Important | 13-01-2016 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests and to sanitize user input and email content.
Detailed Information on the risk:
Multiple spoofing vulnerabilities exist in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerabilities could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
Further information on this exploit is available at: MS16-010
Affected Software
Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2013 Cumulative Update 10
Microsoft Exchange Server 2013 Cumulative Update 11
Microsoft Exchange Server 2016