MS15-026: Vulnerabilities in Exchange Server could allow elevation of privilege: March 10, 2015

Exchange Server 2013 Service Pack 1Exchange Server 2013 EnterpriseExchange Server 2013 Standard Edition

INTRODUCTION


Microsoft has released security bulletin MS15-026. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information


How to obtain this update

Microsoft Update

Use the Windows automatic updating feature to install the update from Microsoft Update. To do this, see Get security updates automatically on the Microsoft Safety and Security Center website.

Issue that is fixed in this update

Multiple Outlook Web App XSS Vulnerabilities

An attacker who successfully exploits these vulnerabilities could read content that he or she is not authorized to read. The attacker could also use the identity of the victim to take actions on the Microsoft Outlook Web App site on behalf of the victim, such as changing permissions, deleting content, and injecting malicious content in the browser of the victim.

Security update deployment