Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

1. Improper same-origin policy handling can be exploited remotely via a specially designed request;
2. Improper user session management can be exploited remotely via a specially designed web site.

Microsoft Exchange Server 2013 Service Pack 1
Microsoft Exchange Server 2013 Cumulative Update 8

Update to the latest version

3062157