This security update resolves a vulnerability in Microsoft Exchange Server that could allow information disclosure if Outlook Web Access (OWA) doesn’t handle web requests, sanitize user input and email content correctly.
To learn more about the vulnerability, see Microsoft Security Bulletin MS16-010.
Download:
Microsoft Exchange Server 2013 Service Pack 1 (3124557)
Microsoft Exchange Server 2013 Cumulative Update 10 (3124557)
Microsoft Exchange Server 2013 Cumulative Update 11 (3124557)
Microsoft Exchange Server 2016 (3124557)