PT-2017-18410 · Microsoft · Exchange Outlook Web Access+1

Published: 2017-07-11 · Updated: 2017-07-14 · CVE-2017-8559

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Exchange Server versions 2010 SP3, 2013 SP3, 2013 CU16, and 2016 CU5

Description

An elevation of privilege issue exists due to the way Microsoft Exchange Outlook Web Access (OWA) handles web requests. This could allow an attacker to perform script or content injection attacks, potentially tricking users into disclosing sensitive information. Exploitation requires a user to click on a maliciously crafted link.

Recommendations

For Microsoft Exchange Server 2010 SP3, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2013 SP3, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2013 CU16, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2016 CU5, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to OWA to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2017-8559

Affected products

Exchange Server
Exchange Outlook Web Access