On Tuesday, Microsoft released a security update for Exchange Server 2013 and Exchange Online 2013, as well as for SharePoint Online 2013. The most significant part of the update is a fix for the CVE-2017-9086 vulnerability.
In its statement announcing the update, Microsoft says that the fix will “enhance the security of Exchange Online and Exchange 2013 and reduce the risk of remote code execution for end users and enterprises.”
This means that any person who uses Exchange Server or SharePoint Server 2013 or 2014, or anyone who has previously deployed Exchange Online or SharePoint Online, will be protected against the flaw.
The company also released a separate patch for the 2016 vulnerability that can be used for Exchange Server 2016 or SharePoint 2016.
These two updates were released just days apart, but both fixes are compatible with Exchange Server 2017 and are available to download from Microsoft’s website.
Microsoft also notes that the new patch will be distributed to users of Exchange Server, and it will work on both Windows Server and Linux.
The CVE-1786 and CVE-1811 vulnerabilities that have been fixed for the SharePoint 2013, 2015, 2016, and 2017 versions of Exchange are not currently being used for the latest version of Exchange, which will only be released as a part of a patch release.
Microsoft said that users will not need to take any action to benefit from these fixes.
The vulnerability has been publicly known since April 2018, when it was reported to the Internet Standards Track, a group of organizations that track security standards.
The flaw can be exploited through the use of the following attack vectors: Remote Code Execution via a crafted web page