Exchange 2010-2016 Security Fixes

Ex2013 LogoMicrosoft released security updates to fix a remote code execution vulnerability in Exchange Server. The related knowledge base article is KB4018588.

More information is contained in the following Common Vulnerabilities and Exposures articles:

  • CVE-2017-8521 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2017-8559 – Microsoft Exchange Cross-Site Scripting Vulnerability
  • CVE-2017-8560 – Microsoft Exchange Cross-Site Scripting Vulnerability

Depending on the lifecycle status of the product, fixes are made available either through a Rollup or as a security fix for the following product levels:

As you might notice, the security fix is made available for the N-1 builds of Exchange 2013 and Exchange 2016. This could imply the issue was addressed in the latest builds of those products. I hope to receive official confirmation on this soon.

The issue is deemed Important, which means organizations are advised to apply these updates at the earliest opportunity. However, as with any update, it is recommended to thoroughly test updates and fixes prior to deploying them in a production environment.

3 thoughts on “Exchange 2010-2016 Security Fixes

  1. Pingback: Exchange 2010-2016 Security Fixes | Ward Vissers

  2. Hello Michel,
    I have Exchange 2013 CU11 in my environment, when I try to install the update for 2013, I get error
    “The upgrade patch cannot be installed by the windows installer service because the program to be upgraded may be missing”, Do I need to update my Exchange 2013 to CU16 to install this ?
    Could you please confirm if you have information about this ?

    • These patches – for Exchange 2013 – are only available for supported versions of Exchange 2013. At present, that means SP1, CU17 (current) or CU16 (n-1). The fix does not apply to CU17, which leaves SP1 and CU16. Note that recommended upgrade path to CU16 or CU17 would be CU15->NET462->CU16 or CU17.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s