MS17-015: Security Update for Microsoft Exchange Server: March 14, 2017

Applies to: Exchange Server 2016 Enterprise EditionExchange Server 2016 Standard EditionExchange Server 2013 Service Pack 1 More

Summary


This update resolves a vulnerability in the Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email that includes a specially crafted attachment to a vulnerable Exchange server. To learn more about this vulnerability, see Microsoft Security Bulletin MS17-015.
Important
  • All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Additional information about this security update


The following article contains additional information about this security update as it relates to individual product versions. The article may contain known issue information.
  • 4012178 MS17-015: Description of the security update for Exchange Server 2016 and Exchange Server 2013: March 14, 2017

Security update deployment information


Microsoft Exchange Server 2013

Reference table

The following table contains the security update information for this software.

Inclusion in future service packs

The update for this issue will be included in a future service pack or update rollup.

Security update file name

For Microsoft Exchange Server 2013 Service Pack 1 and Microsoft Exchange Server 2013 Cumulative Update 14:
Exchange2013-KB4012178-x64-en.msp

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

In some cases, this update does not require a system restart. If the required files are being used, this update will require a system restart. If this behavior occurs, you receive a message that advises you to restart your system.

Update log file

KB4012178.log

Removal information

Use the Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base article 4012178

Registry key verification

For supported editions of Microsoft Exchange Server 2013:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange 2013\KB4012178

 

Microsoft Exchange Server 2016

Reference table

The following table contains the security update information for this software.

Inclusion in future service packs

The update for this issue will be included in a future service pack or update rollup.

Security update file name

For Microsoft Exchange Server 2016 Cumulative Update 3:
Exchange2016-KB4012178-x64-en.msp

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

In some cases, this update does not require a system restart. If the required files are being used, this update will require a system restart. If this behavior occurs, you receive a message that advises you to restart your system.

Update log file

KB4012178.log

Removal information

Use the Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base article 4012178

Registry key verification

For supported editions of Microsoft Exchange Server 2016:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange 2016\KB4012178

How to obtain help and support for this security update


Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support