CVE-2015-1631

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2013 SP1 and Cumulative Update 7

Description A spoofing issue exists due to the failure of Exchange Server to properly validate the meeting organizer's identity when accepting or modifying meeting requests. This could allow an attacker to schedule or modify meetings while appearing to originate from a legitimate meeting organizer.

Recommendations For Microsoft Exchange Server 2013 SP1 and Cumulative Update 7, consider implementing additional validation for meeting organizer identities to prevent spoofing until a patch is available. Restrict access to meeting scheduling and modification features to minimize the risk of exploitation.