Microsoft Update Catalog

Description: The security update addresses 3 vulnerabilities: An information disclosure vulnerability exists when Microsoft Exchange Server allows creation of entities with Display Names having non-printable characters. An elevation of privilege vulnerability when an attacker executes a man-in-the-middle attack to forward an authentication request to Microsoft Exchange Server. A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Microsoft Exchange Server.

Architecture: n/a

Classification: Security Updates

Supported products: Exchange Server 2016

Supported languages: Arabic , Bulgarian , Chinese (Traditional) , Czech , Danish , German , Greek , English , Spanish , Finnish , French , Hebrew , Hungarian , Italian , Japanese , Korean , Dutch , Norwegian , Polish , Portuguese (Brazil) , Romanian , Russian , Croatian , Slovak , Swedish , Thai , Turkish , Ukrainian , Slovenian , Estonian , Latvian , Lithuanian , Hindi , Chinese (Simplified) , Portuguese (Portugal) , Serbian (Latin) , Chinese - Hong Kong SAR , Japanese NEC

MSRC Number: n/a

MSRC severity: n/a

KB article numbers: 4509409

More information:

https://support.microsoft.com/?kbid=4509409

Support Url:

https://technet.microsoft.com/en-us/exchange/fp179701

Arabic	Bulgarian
Chinese (Traditional)	Czech
Danish	German
Greek	English
Spanish	Finnish
French	Hebrew
Hungarian	Italian
Japanese	Korean
Dutch	Norwegian
Polish	Portuguese (Brazil)
Romanian	Russian
Croatian	Slovak
Swedish	Thai
Turkish	Ukrainian
Slovenian	Estonian
Latvian	Lithuanian
Hindi	Chinese (Simplified)
Portuguese (Portugal)	Serbian (Latin)
Chinese - Hong Kong SAR	Japanese NEC