User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does that mean for this vulnerability? An attacker could spoof incorrect 5322.From email address that is displayed to a user. Why are update links missing for some Exchange products? For Exchange Server 2016 and 2019, update links are not provided because these versions are out of support and security updates are only available through the Extended Security Update (ESU) program. Customers enrolled in ESU can access the December 2025 and future updates, while those not enrolled should migrate to Exchange Server Subscription Edition (SE) to continue receiving security updates. If you have purchased ESU and need assistance accessing updates, contact Microsoft at **ExchangeandSfBServerESUInquiry@service.microsoft.com. ** For more details, see the official blog post.
Tushar Maroo with Microsoft