Outside the usual patch interval for Exchange Server, Microsoft has released a security update for all Exchange Server versions, which is intended to fix several security vulnerabilities classified as high or critical.
Here is the link to the Security Bulletin:
Microsoft Security Bulletin MS16-108
Brief description of the vulnerability:
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe vulnerabilities could allow remote code execution in some Oracle Outside In libraries built into Exchange Server if attackers send email with a specially crafted attachment to a vulnerable Exchange server.
Source: Microsoft
Click here to download the update for the respective Exchange versions:
- Security Update For Exchange Server 2016 CU2 (KB3184736)
- Security Update For Exchange Server 2013 CU13 (KB3184736)
- Update rollup 15 for Exchange Server 2010, Service Pack 3 (KB3184728)
- Update rollup 21 for Exchange Server 2007 Service Pack 3 (KB3184711)
I am currently installing the update, which is taking some time:
As the vulnerability can apparently be exploited by an email, the update should be installed quickly. Unfortunately, no corresponding warning has yet been published on the Exchange Team Blog.
Hallo, ja wird schon über WSUS verteilt. Grüße Sören
Hi Frank,
weißt du zufällig, ob es auch schon über den WSUS verteilt wird? Danke und Grüße Marco