MS15-103: Vulnerabilities in Microsoft Exchange could allow information disclosure: September 8, 2015

Summary
This security update resolves a vulnerability in Microsoft Exchange Server that could allow information disclosure if Outlook Web Access (OWA) does not handle web server requests correctly. 
 
To learn more about the vulnerability, see Microsoft Security Bulletin MS15-103.
More information about this security update
The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information.
  • 3087126 MS15-103: Description of the security update for Exchange Server: September 8, 2015
How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS15-103 that corresponds to the version of Windows that you are running.
More information

Security update deployment information

Microsoft Exchange Server 2013

Reference Table

The following table contains the security update information for this software.
Inclusion in Future Service PacksThe update for this issue will be included in a future service pack or update rollup
Security update file nameFor Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2013 Cumulative Update 8 and Microsoft Exchange Server 2013 Cumulative Update 9:
Exchange2013-KB3087126-x64-en.msp
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a system restart. If the required files are being used, this update will require a system restart. If this behavior occurs, you receive a message that advises you to restart your system.
Update log fileKB3089250.log
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section.
Registry key verificationFor supported editions of Microsoft Exchange Server 2013:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange 2013\KB3089250

File hash information

File hash information for Exchange Server 2013 CU8

Package NamePackage Hash SHA 1Package Hash SHA 2
Exchange2013-KB3087126-x64-de.mspA8BF2EB0EB6A8B726A26B718A03F81C15D106D1A049EA3A25954256DABEC07B01A7388D71A14439727CB57FBF3F75A70099947E3
Exchange2013-KB3087126-x64-en.msp3DEA29E09AD9DB7552F7D41840282F068BC6FA3D4812DBD3C27887A3C10D3CC9CAEEA0B3E23A27EF64A91DF58DB052045F0698A9
Exchange2013-KB3087126-x64-es.msp383BD4305DBA5A3B76F31CF35A904BE291D6755489914283F98225DD110CCF22CFD684F74CB60B90D01FCC0BE6F63B3D8B58B682
Exchange2013-KB3087126-x64-fr.msp7EE7EB31991812542E7856904780C93241836692B3A33C209C32CECF293D2CF84D85A0F5BC1B4F86ADE26CD8AF106FACCE92A8BB
Exchange2013-KB3087126-x64-it.mspB25F51F4E54552C9380CEB717A5D6D370176B228F61003861603B8BFA25A763A084AEFF14323ADC4F7EB5EA1AC42027BA1650322
Exchange2013-KB3087126-x64-ja.msp22230FD0A9FBC2B1BFFC1B9A138EB12E8F4FB28DC47ADF4759DCBA78225CC67A84750CA3AC7A34649A08935F0760AA0CFFC70C63
Exchange2013-KB3087126-x64-ko.msp8C4064AD2BFCB61FC1CB43C010EBD2B313E74EA68B54D3638758528AA21FDF8B42B54311ABE54356BFC68249D802078B31794E8D
Exchange2013-KB3087126-x64-pt.msp1379BC68021B7B0C4BA9E27A224FF7296242097A085577EB02F6DA581E085FC929A1522CF20C95853CED298F2BCF910F56B51A8B
Exchange2013-KB3087126-x64-ru.mspB5594E6442C44A0A872AAD7019EC4DA80866792A2A9715377B22BDE37A9A6EDCD8DBE8DA298B680E2DAFC1069B24B531CFDCFC46
Exchange2013-KB3087126-x64-zh-hans.msp2A91C2C0AF853981E28DC969DA6779100AF22D90B8BDC67C3EA63E8EAF4309C03A0F2F6CA5AE3B4D318AF90F33A8671AC303DA78
Exchange2013-KB3087126-x64-zh-hant.msp3CF85B385969135FDAFFEB58DADDDA1BDFC3E6539C013386CAE182FEB7BDF6A21F79BAFCB3B9601A7C7B2FB36A100846398A726B

File hash information for Exchange Server 2013 CU9

Package NamePackage Hash SHA 1Package Hash SHA 2
Exchange2013-KB3087126-x64-de.msp52B6B71F053B6D0C296DC91B0ED00C5427E422194CD932989C1441ADE05401AE45939838894E6D0A6DF9B7A6CBF596F05CC3B92C
Exchange2013-KB3087126-x64-en.msp5F6946B649F19DEC667DF2F5F3FE1810D998622A2B33631BBD08B4C27ABA36C80C98AA50FA2AA6667BFC1DDA4C596BF4B6CE305E
Exchange2013-KB3087126-x64-es.msp63D1DCB080155CD747047E69215E8BE1C2B671E851E66C811AE7E74991A59B68669F301DD79D1311DE4C49FAEDF43A93052EFA8E
Exchange2013-KB3087126-x64-fr.msp5FF49867AFEC7A798C00DA3C8D5FDFAD6ED84E291D9C3C688896DD6B182BE3F2EBB6DB3586FD6ABEF3AF53640AEC187E8D40B32F
Exchange2013-KB3087126-x64-it.msp47CC82E33F8C6244239D0DE2A160ED06C85B13C9A691DF6CE7CF40F6624A7E4AD98953C904DA2027812EEF8C294838F872E06D61
Exchange2013-KB3087126-x64-ja.msp002D8D0266D206E92C42DBB536F5951289ADDE5DCD57B56F2C7F5D3253E3EC7B601E30BB50B2E949611DA628B3EC7E72E7E32033
Exchange2013-KB3087126-x64-ko.msp777E1B38D68E6221EDDBB291B124891C0262D88541DDB02D9140CC955364B9B7D1615B0D11E33D4C832CEEC7FF415A7CA5B2089E
Exchange2013-KB3087126-x64-pt.mspD9182A714A4DF83FA688C1D1731FD248AA210E4BD88DF9265FF45B10DD23F702AD401503CDF96CF30D05E612F685B43A9CEFD612
Exchange2013-KB3087126-x64-ru.mspFEA83B288C1858DB51FCFBFB473E215474311D5A2988897C6FC96FFF6418092FCEF368821226848356512EE3EF9FA147000FF126
Exchange2013-KB3087126-x64-zh-hans.msp3423A522B3420816AF7550AD17518608FC2F6E45B83F716C292214FB44DC7894751D0086B5D041034B482C3323AAF921E2344D97
Exchange2013-KB3087126-x64-zh-hant.msp15E1FAB87277306D034200AC049906E06FCE2D4AA9FD3DD6966363C11D4A8A59FFB32A7CF7E8C65CDB7B2D11B5B9FD8C90746D09

File hash information for Exchange Server 2013 SP1

Package NamePackage Hash SHA 1Package Hash SHA 2
Exchange2013-KB3087126-x64-de.mspA6C9FD49B5C0BC2F946912C76869F4AF5AA3BB59689527789856CE4AC511250F9610A291A1438E98030BBCD1C2996F1502B73757
Exchange2013-KB3087126-x64-en.msp969F481459B7D459699E79315263F190D02F8DEB4434BE0BC484C6C4688F2E18930782EE46EF8B781B4FA2FDFB19DAE47E51637B
Exchange2013-KB3087126-x64-es.msp18D44908AA2D6E3149BFD0E7F0645191A68AB0DD15E38BDBDAB00CA5F7F4DCE982088C071072C51018E0C3D18834C2269D261F50
Exchange2013-KB3087126-x64-fr.msp8BD446A54DD69E82D95907E8B3DCC15CA5AE7794AB399F8453AA7D712AB2D1051A34014121976E124D30D295050C6B5D2D5ADA16
Exchange2013-KB3087126-x64-it.msp508B671EA653B6518EED679238914F626C2BB882D31DE79DBB2233A0D95EC233D41BA4461E12F6B8DE17B6AC61EEC0521A0AA0FA
Exchange2013-KB3087126-x64-ja.mspC731760131F175B423DDD099407518C6AC4DAEBD749DE146493BB7A1C3182DC26D2A7A7DC7C4AFC264FA8DAE219B3445325FE983
Exchange2013-KB3087126-x64-ko.msp4839BEE5D14D28062850FD0A7C309DECEB4EAAA293F4E66858FC2343EC33BF94A34977042D50A2BAD7D6FA5A81107D4832F09DBD
Exchange2013-KB3087126-x64-pt.msp71F0BFF7B9885BAB62FEAFAF23E02F8987319D912F69EB4259061E1A576E671ADF2EE3047CB50A9A81E5F969472EBFE70F38666D
Exchange2013-KB3087126-x64-ru.mspB18C85AEE18BA42557D94B2B32324102B0B79EB5ED18FE9BD7FC01EA0AA5F7CE95A92A25ABF1C93763AB2C242E82912ED0A350FC
Exchange2013-KB3087126-x64-zh-hans.msp9514CD93073C4CBD47BCB9F1F685FD9D1142CA7DDE82DB66544D479E2093C0D2797948114868FCCC38DD4D217DD0990007F4201F
Exchange2013-KB3087126-x64-zh-hant.mspB783265D4955CFDB35FEA8A8C1BCD9E0FAC8A1C9398471989DD064A0EC574FE83AEEF0FED2DD0E6C493C2D352F7BA818DC5BFD2C

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
malicious attacker exploit
Properties

Article ID: 3089250 - Last Review: 09/08/2015 17:11:00 - Revision: 1.0

Microsoft Exchange Server 2013 Service Pack 1

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB3089250
Feedback