MS-ISAC CYBERSECURITY ADVISORIES

MS-ISAC ADVISORY NUMBER:
2016-134

DATE(S) ISSUED:
09/13/2016

SUBJECT:
Security Update for Microsoft Exchange Server (MS16-108)

OVERVIEW:

Multiple vulnerabilities have been discovered in Microsoft Exchange Server. Microsoft Exchange Server is an email server software product from Microsoft. The most severe of these vulnerabilities can result in remote code execution if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server. Successful exploitation could allow an attacker to gain the same privileges as a local server account. Depending on the privileges associated with the account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEM AFFECTED: