To exploit the vulnerability, an attacker must have authenticated access to the targeted Exchange Server to modify certain properties in the Outlook Web App application prior to attempting to convince a user to follow a malicious link.
The attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Microsoft has resolved the vulnerability by correcting the manner in which the affected software sanitizes page content.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the March 2015 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for March 2015