Endpoint Vulnerability

Microsoft Outlook Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications. To exploit the vulnerability, an attacker could use "send as" rights to send a specially crafted message to a user. The security update addresses the vulnerability by correcting how Microsoft Exchange parses certain unstructured file formats.

Affected Products

Microsoft Exchange Server 2016 Cumulative Update 1,Microsoft Exchange Server 2013 Service Pack 1,Microsoft Exchange Server 2016 Cumulative Update 2,Microsoft Exchange Server 2013 Cumulative Update 12,Microsoft Exchange Server 2013 Cumulative Update 13,Microsoft Exchange Server 2007 Service Pack 3,Microsoft Exchange Server 2010 Service Pack 3

References

CVE-2016-0138,