CVE-2018-0941

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server 2016 versions Cumulative Update 7 through Cumulative Update 8

Description: An information disclosure issue exists due to how data is imported. This could allow an attacker to discover sensitive information that should otherwise not be disclosed, particularly if the impacted user is using Microsoft Exchange Outlook Web Access (OWA).

Recommendations: For Microsoft Exchange Server 2016 Cumulative Update 7, update to a version that fixes the information disclosure vulnerability. For Microsoft Exchange Server 2016 Cumulative Update 8, update to a version that fixes the information disclosure vulnerability.