Summary
This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an email message that has a specially crafted attachment to a vulnerable server that is running Exchange Server. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2017-11932 and ADV170023.
Improvements and fixes
This security update was released to address a known issue in security update 4036108 in which customers that are using split DNS may encounter problems that affect Calendar Sharing. This update removes the fix for this vulnerability.
Known issues
- We are aware of some reports that Exchange services may remain in a disabled state after you install this security update. If this occurs, the update is installed correctly. However, the service control scripts encounter a problem when they try to return Exchange services to their usual state. To resolve this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually.
- When you try to manually install this security update in "normal mode" (not running the update as an administrator) by double-clicking the update file (.msp), some files are not correctly updated. When this issue occurs, you do not receive an error message or any indication that the security update is not correctly installed. Also, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) may stop working. This issue occurs on servers that are using User Account Control (UAC). The issue occurs because the security update does not correctly stop certain Exchange-related services. To avoid this issue, run the security update in elevated mode as an administrator. To do this, right-click the update file, and then click Run as administrator.
How to get and install the update
Method 1: Microsoft Update
Method 2: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
More Information
Security update deployment information
For deployment information about this update, see security update deployment information: December 12, 2017.
Package name | Package hash SHA 1 | Package hash SHA 2
---|---|---
E16CU7 Exchange2016-KB4045655-x64-en.msp | AD7A5B178CDEEAE80A233073FDF5F09651A767D3 | 125BE0BE5AE4965C2A1F3F782047A322CAD58CEF69849C79E714D982C7DDDE7D
E16CU6 Exchange2016-KB4045655-x64-en.msp | 5792593D9700FB5B2C02D79008D9C88569061A0F | 3EBA47CE4053AE04D0D410FB5A800871324A91160246BBE9891068C696DEB963
E15CU18 Exchange2013-KB4045655-x64-en.msp | 48ADA3FA1409A829E2D01EEF84921F466E576659 | 941F2ABACC936D258C95581A1185A80BF79A7E036D0FAA8778E77CACE6272520
E15CU17 Exchange2013-KB4045655-x64-en.msp | 30BAFADCC699281B7FB63240150987222683F44A | 304098CD045AE20C3E7A772B79B226D693077476B155A739B4F16FBBF3567C8D
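
The following script is an added example, not part of the original article. It checks a downloaded package against the SHA 2 (SHA-256) values in the package table and confirms that the session is elevated, because the known issue above describes a non-elevated install failing without any error. The `-Path` parameter is an assumption of this example, and `Get-FileHash` requires PowerShell 4.0 or later.

```powershell
# Added example: verify a downloaded KB4045655 package before installing it.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path    # path to the downloaded .msp (supplied by the operator)
)

# SHA-256 ("SHA 2") values copied from the package table on this page.
# The CU6 and CU7 (and CU17 and CU18) files share a file name, so the hash
# is the only reliable way to tell which cumulative update a file targets.
$KnownPackages = @{
    '125BE0BE5AE4965C2A1F3F782047A322CAD58CEF69849C79E714D982C7DDDE7D' = 'E16CU7'
    '3EBA47CE4053AE04D0D410FB5A800871324A91160246BBE9891068C696DEB963' = 'E16CU6'
    '941F2ABACC936D258C95581A1185A80BF79A7E036D0FAA8778E77CACE6272520' = 'E15CU18'
    '304098CD045AE20C3E7A772B79B226D693077476B155A739B4F16FBBF3567C8D' = 'E15CU17'
}

$file = Get-Item -LiteralPath $Path -ErrorAction Stop
$hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

if (-not $KnownPackages.ContainsKey($hash)) {
    Write-Error "SHA-256 $hash matches no KB4045655 package in the table. Do not install $($file.Name)."
    exit 1
}
Write-Output "$($file.Name) matches the $($KnownPackages[$hash]) package."

# Known issue on this page: installing without elevation on a UAC-enabled
# server leaves files unpatched without reporting an error, so check first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $elevated) {
    Write-Error 'This session is not elevated. Start PowerShell with "Run as administrator" before installing.'
    exit 2
}
Write-Output 'Session is elevated. The package can be installed from this prompt.'
```

The script exits with code 1 on a hash mismatch and code 2 on a non-elevated session, so a deployment wrapper can stop before the package is started.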
File information