CVE-2016-0138

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions 2007 SP3 through 2016 Cumulative Update 2

Description The issue is related to the improper parsing of email messages by Microsoft Exchange Server, which can allow a remote attacker to obtain sensitive information from Outlook applications by leveraging the Send As right. This can lead to the disclosure of confidential user information contained in Microsoft Outlook applications.

Recommendations For Microsoft Exchange Server versions 2007 SP3 through 2016 Cumulative Update 2, consider restricting access to the Send As right until a patch is available. As a temporary workaround, consider disabling the use of the Send As command in Outlook applications to minimize the risk of exploitation. Restrict access to sensitive Outlook application information to minimize the risk of information disclosure.