<< Back
CVE Number Vulnerability Product Severity Date
MS16-010 Security Update in Microsoft Exchange Server to Address Spoofing (3124557) Microsoft Exchange Important 13-01-2016

Technical Information

Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content.

Detailed Information on the risk:

Multiple spoofing vulnerabilities exist in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerabilities could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An attacker could also redirect the user to a malicious website that could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.

Further information on this exploit is available at : MS16-010

Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2013 Cumulative Update 10
Microsoft Exchange Server 2013 Cumulative Update 11
Microsoft Exchange Server 2016

Affected Software

Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2013 Cumulative Update 10
Microsoft Exchange Server 2013 Cumulative Update 11
Microsoft Exchange Server 2016