CVE-2016-0029

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016

Description The issue is related to a cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) that allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This can be exploited to perform script or content injection attacks and potentially trick users into disclosing sensitive information. An attacker could also redirect the user to a malicious website.

Recommendations For Microsoft Exchange Server 2016, consider disabling the OWA component until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to OWA to minimize the risk of exploitation. Avoid using crafted URLs that could inject arbitrary web script or HTML. At the moment, there is no information about a newer version that contains a fix for this vulnerability.