Endpoint Vulnerability

Microsoft Exchange Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists in the way that Microsoft Outlook handles meeting invitation requests. To exploit the vulnerability, an attacker could send a specially crafted Outlook meeting invitation request with malicious cross-site scripting (XSS) capability to a user. The update addresses the vulnerability by correcting how Outlook handles meeting invitation requests.

Affected Products

Microsoft Exchange Server 2016 Cumulative Update 1,Microsoft Exchange Server 2016 Cumulative Update 2

References

CVE-2016-3379,