Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


Outlook Web App Token Spoofing Vulnerability

A token spoofing vulnerability exists in Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010. It could allow an attacker to send email messages that seem to come from a trusted source, and the messages contain a link to a website of the attacker. In a web-based attack scenario, an attacker could host a website that is used to try exploiting this vulnerability. Additionally, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. However, in almost every case, an attacker cannot force users to view the attacker controlled content. Instead, an attacker would have to convince users to take action, typically by having them click a link in an email message or Instant Messenger message, to take users to his or her website.


This issue occurs because Outlook Web App does not properly validate a request token.


To resolve these issues, install the following update:


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!