Update Rollup 20 for Exchange 2010 Service Pack 3 is now available. It contains 2 security fixes and all previously released fixes and security updates for Exchange 2010 SP3 as well as the latest DST updates. Note that mainstream support for Exchange 2010 has already ended.
- CVE-2018-0924 and CVE-2018-0940
The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server via OWA if an attacker sends an email message that has a specially crafted attachment to a vulnerable Exchange server.