Microsoft Exchange Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Microsoft Outlook handles meeting invitation requests. To exploit the vulnerability, an attacker could send a specially crafted Outlook meeting invitation request with malicious cross-site scripting (XSS) capability to a user. The update addresses the vulnerability by correcting how Outlook handles meeting invitation requests.
Microsoft Exchange Server 2016 Cumulative Update 1,Microsoft Exchange Server 2016 Cumulative Update 2