Security Updates for Exchange (July 2017)

On July 11th, Microsoft release a security update for Exchange. This update is applicable to Exchange 2010 SP3, Exchange 2013, and Exchange 2016. The security update addresses an OWA vulnerability that could allow remote code execution on the Exchange server.

It was released as update rollup 18 for Exchange 2010 SP3, and security updates for Exchange 2013 SP1 (CU4), Exchange 2013 CU16, and Exchange 2016 CU5.

It appears that the update may have been included with the latest CUs for Exchange 2013 and 2016 as the updates are only applicable with the previous versions. There is some confusion about this and I have not seen it confirmed by MS, but I have verified the security updates are not applicable for the latest CUs for Exchange 2013 and 2016. I will update this post if I see some verification of this.

While Microsoft has indicated this is an important update and it should be applied as soon as possible, its still advisable to thoroughly test the updates in a test environment.