This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In Libraries that are built into Exchange Server. This issue might occur if an attacker sends an email message with a specially crafted attachment to a vulnerable Exchange Server. To learn more about this vulnerability, see Microsoft Security Bulletin MS16-108.
How to get and install this update
Method 1: Microsoft UpdateThis update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Turn on automatic updating in Control Panel.
Method 2: Microsoft Download CenterYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
Click the download link in Microsoft Security Bulletin MS16-108 that corresponds to the version of Windows that you are running.