Description of the security update for Microsoft Exchange: September 12, 2017

Applies to: Exchange Server 2013 Service Pack 1Exchange Server 2016 Enterprise EditionExchange Server 2013 Enterprise


Security update package 4045655 was released to address a known issue in this original security update. The 4045655 update removes the fix for this vulnerability.


This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email message that has a specially crafted attachment to a vulnerable server that is running Exchange Server. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8758 and CVE-2017-11761.

Known issues in this security update

After this security update is installed, customers that are using split DNS may encounter problems that affect Calendar Sharing. Security update package 4045655 was released to address this issue. The 4045655 update removes the fix for this vulnerability.