This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In Libraries that are built into Exchange Server. This issue might occur if an attacker sends an email message with a specially crafted attachment to a vulnerable Exchange Server computer. To learn more about this vulnerability, see Microsoft Security Bulletin MS16-108.
More information about this security updateThe following articles contain more information about this security update as it relates to individual product versions.
- 3184736 MS16-108: Description of the security update for Exchange Server 2016 and Exchange Server 2013: September 13, 2016
- 3184728 MS16-108: Update Rollup 15 for Exchange Server 2010 Service Pack 3: September 13, 2016
- 3184711 MS16-108: Update Rollup 21 for Exchange Server 2007 Service Pack 3: September 13, 2016
Third-party information disclaimer
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.