Applies ToExchange Server 2013 SP1 Exchange Server 2016 Enterprise Edition Exchange Server 2013 Enterprise Edition Exchange Server 2013 Standard Edition

Notice

Security update package 4045655was released to address a known issue in this original security update. The 4045655 update removes the fix for this vulnerability.

Symptoms

This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email message that has a specially crafted attachment to a vulnerable server that is running Exchange Server. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-8758 and CVE-2017-11761.

Known issues in this security update

After this security update is installed, customers that are using split DNS may encounter problems that affect Calendar Sharing. Security update package 4045655 was released to address this issue. The 4045655 update removes the fix for this vulnerability.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.