Summary

This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email message that has a specially crafted attachment to a vulnerable server that is running Exchange Server. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-11932 and ADV170023.
 

Improvements and fixes

This security update was released to address a known issue in security update 4036108 in which customers that are using split DNS may encounter problems that affect Calendar Sharing. This update removes the fix for this vulnerability. 

Known issues

  • We are aware of some reports that Exchange services may remain in a disabled state after you install this security update. If this occurs, the update is installed correctly. However, the service control scripts encounter a problem when they try to return Exchange services to its usual state. To resolve this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually.

  • When you try to manually install this security update in "normal mode" (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update is not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using UAC (user account control). The issue occurs because the security update does not correctly stop certain Exchange-related services. To avoid this issue, run the security update in elevated mode as an administrator. To do this, right click the update file, and then click Run as administrator.

How to get and install the update

Method 1: Microsoft Update

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

More Information

Security update deployment information

For deployment information about this update, see security update deployment information: December 12, 2017

Package name

Package hash SHA 1

Package hash SHA 2

E16CU7 Exchange2016-KB4045655-x64-en.msp

AD7A5B178CDEEAE80A233073FDF5F09651A767D3

125BE0BE5AE4965C2A1F3F782047A322CAD58CEF69849C79E714D982C7DDDE7D

E16CU6 Exchange2016-KB4045655-x64-en.msp

5792593D9700FB5B2C02D79008D9C88569061A0F

3EBA47CE4053AE04D0D410FB5A800871324A91160246BBE9891068C696DEB963

E15CU18 Exchange2013-KB4045655-x64-en.msp

48ADA3FA1409A829E2D01EEF84921F466E576659

941F2ABACC936D258C95581A1185A80BF79A7E036D0FAA8778E77CACE6272520

E15CU17 Exchange2013-KB4045655-x64-en.msp

30BAFADCC699281B7FB63240150987222683F44A

304098CD045AE20C3E7A772B79B226D693077476B155A739B4F16FBBF3567C8D

File information

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×