MS16-108: Security Fixes and Rollups for Exchange 2007-2016

Posted on by

Ex2013 LogoNote (18sep2016): Be advised that there are reports on the security fix for Exchange 2016 CU2 leaving the system in a suboptimal state, like not re-enabling services. For now, the reports contain possible workarounds for those situations

It seems every once in a while, vulnerabilities are discovered in the Oracle libraries, licensed by Microsoft for Microsoft Exchange. For september, it is that time again, with a potential issue which allows remote code execution by means of a attachment which is to be handled by the library.

The related security bulletin is MS16-108 (KB3185883), which corrects Exchange behavior for :

  • parsing certain unstructured file formats.
  • handling open redirect requests.
  • handling Microsoft Outlook meeting invitation requests.

Depending on the lifecycle status of the product, fixes are made available either through a Rollup or as a security update for the following product levels:

Note that Rollups only address the vulnerabilities mentioned in security bulletin, and this bulletin replaces updates the rollups and security updates of MS16-079.

The issue is deemed critical, which means organizations are advised the implement the security fix at their earliest convenience. However, as with any update, it is recommended to thoroughly test updates and fixes prior to deploying them in a production environment.

The Exchange Versions, Builds and Dates page has been updated with the above information as well.

 

 

This entry was posted in Misc by Michel de Rooij. Bookmark the permalink.

About Michel de Rooij

I'm a Microsoft 365 Apps & Services MVP, with focus on Exchange Server, AzureAD, Microsoft 365 and with a PowerShell affection. I'm a consultant, publisher of EighTwOne, published author, and speaker. You can find me on Twitter, LinkedIn, Facebook.

1 thought on “MS16-108: Security Fixes and Rollups for Exchange 2007-2016

  1. Pingback: Exchange Updates – September 2016 | EighTwOne (821)

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.