A quick heads-up as Microsoft released security update for supported releases of Exchange Server 2016.
The security updates patch issues as reported in the following Microsoft Common Vulnerabilities and Exposures:
- CVE-2018-8604: Microsoft Exchange Server Tampering Vulnerability
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user’s profile data.
You can download the security updates here:
- Security Update for Exchange Server 2016 CU10 (v15.1.1531.8, KB4468741)
- Security Update for Exchange Server 2016 CU11 (v15.1.1591.11, KB4468741)
- KB4468741 for Exchange Server 2016 CU10 supersedes KB4459266.
As with any patch or update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production.