MS16-010: Security update in Microsoft Exchange Server to address spoofing: January 12, 2016

Summary
This security update resolves a vulnerability in Microsoft Exchange Server that could allow information disclosure if Outlook Web Access (OWA) doesn't handle web requests, sanitize user input and email content correctly.

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-010.
How to get and install the update

Method 1: Microsoft Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS16-010 that corresponds to the version of Windows that you are running.
More information

Security update deployment information

Microsoft Exchange Server 2013

Reference table

The following table contains the security update information for this software.

Inclusion in Future Service PacksThe update for this issue will be included in a future service pack or update rollup
Security update file nameFor Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2013 Cumulative Update 10 and Microsoft Exchange Server 2013 Cumulative Update 11:
Exchange2013-KB3124557-x64-en.msp
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a system restart. If the required files are being used, this update will require a system restart. If this behavior occurs, you receive a message that advises you to restart your system.
Update log fileKB3124557.log
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

Microsoft Exchange Server 2016
Reference able

The following table contains the security update information for this software.

Inclusion in Future Service PacksThe update for this issue will be included in a future service pack or update rollup
Security update file nameFor Microsoft Exchange Server 2016:
Exchange2016-KB3124557-x64-en.msp
Installation switchesSee Microsoft Knowledge Base Article 934307
Restart requirementIn some cases, this update does not require a system restart. If the required files are being used, this update will require a system restart. If this behavior occurs, you receive a message that advises you to restart your system.
Update log fileKB3124557.log
Removal informationUse Add or Remove Programs item in Control Panel.
File informationSee the file information section
Registry key verificationNot applicable

File hash information

Package NamePackage Hash SHA 1Package Hash SHA 2
Exchange2013-KB3124557-x64-en.msp (CU10)9D31297F36F9905C84B741C7DA4267CE4E9E36048E3BA9ABC6C5285B4C40492321B0A0E07D7A891786CA01E06AF325F944594B21
Exchange2013-KB3124557-x64-en.msp (CU11)FB2667170E6E0E94982242F0106615FA33BDB6B355AE153E0B9C8E19A7B11F587A3B83F8040D4C20D6E24C7E9AD77CD04D695C78
Exchange2016-KB3124557-x64-en.msp3C4039E59DBD68868254797FAF847BA12005FBFD0730F7C7E77D5A3C791309920C0015DC3BD72539E2AF02A3A0E3AF47D51FAC74
Exchange2013-KB3124557-x64-en.msp (SP1)54B7E78435E203149DDCE8594A502B2E57E8E05403ED30FE2EFA23F36756CB29EF352E854093817E8CCA3C7E13A3BC2C4157F2CE

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.ERROR: PhantomJS timeout occurred