Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service.
Detailed Information on the risk:
A denial of service vulnerability exists in the way that the Microsoft Exchange store processes specially crafted RPC calls. The vulnerable code path is only accessible to authenticated users. An authenticated attacker could exploit the vulnerability by sending a specially crafted network message to a computer running the Exchange service. An attacker who successfully exploited this vulnerability could cause the Exchange service to stop responding until manually restarted.Further information on this exploit is available at : MS10-106