MS16-079: Description of the security update for Exchange Server 2016 and Exchange Server 2013: June 14, 2016

Applies to: Exchange Server 2016 Enterprise EditionExchange Server 2016 Standard EditionExchange Server 2013 Service Pack 1


This security update resolves a vulnerability in Microsoft Exchange Server that could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that would be loaded, without warning or filtering, from the attacker-controlled URL. This security update also resolves a vulnerability that could allow an Elevation of Privilege in Oracle products installed on a Microsoft Exchange Server. 

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-079.

More Information

Security update deployment information

For deployment information about this update, see Microsoft Knowledge Base article KB3160339.

Security update replacement information

This security update replaces previously released security update KB3124557.