Technology Graphic

Recently Discovered Exchange Security Vulnerability

By Michael Bianchi, Senior Systems Engineer

On 5/8 Microsoft published a security update for all supported versions of Exchange, detailed here:

A vulnerability was found that could enable an attacker to run arbitrary code under the context of the System user and install a program, compromise or destroy data, and create new user accounts by sending a specially crafted email (details undisclosed) to the server.

Exchange 2010 customers must install the latest update rollup release which can be found here:

Exchange 2013 and 2016 customers must be on the latest or next previous CU and also apply the respective patch which can be found here:

All other versions of Exchange are to be considered vulnerable with no patch forthcoming. Under Microsoft’s support agreement, only the latest or next previous patch is supported – see more information here –

If you require assistance with this matter, please contact Helient at

Thank you for sharing... Share on Facebook
Tweet about this on Twitter
Share on LinkedIn

Connect with Helient