MS17-015: Security Fix for Exchange 2013 SP1+CU14 & 2016 CU3

Microsoft published security fixes for the issue described in bulletin MS17-105. Fixes have been released for the following product levels:

You are reading it correctly: the later Cumulative Updates are not affected. Earlier builds will not receive a security fix, as support is provided up to N-2 generation builds. The reason Exchange 2013 SP1 is included is that Service Packs are on a different support scheme.

Note that this Rollup or security fix replaces MS16-108 (kb3184736) – you can install MS13-105 over installations containing this security fix (no need to uninstall it first).

3 thoughts on “MS17-015: Security Fix for Exchange 2013 SP1+CU14 & 2016 CU3”

    • Not all details have been published yet, but since the vulnerability allows one “to inject arbitrary web script or HTML via a crafted email or chat client”, I assume it’s in the OWA code of Ex2013/Ex2016 (which are to some level similar), and not in Ex2010’s OWA’s code (which is completely different).


      • Most probably, but I am not an Exchange expert anyway 🙂 I just got used to seeing the names of all actively supported versions if any MSFT security issue affects a certain product line.

