<< Back
CVE Number Vulnerability Product Severity Date
MS16-108 Security Update for Microsoft Exchange Server (3185883) Microsoft Exchange Critical 14-09-2016

Technical Information

Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.
Detailed Information on the risk:
An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications.Further information on this exploit is available at : MS16-108

Affected Software

Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016