#Security Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

**What Security Feature might be bypassed by this vulnerability?** The authentication feature could be bypassed as this vulnerability allows impersonation.

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

 **Do I need to take further steps to be protected from this vulnerability?** Because of additional security hardening work for CVE-2022-21978, the following actions should be taken in addition to application of May 2022 security updates: For customers that have Exchange Server 2016 CU22 or CU23, or Exchange Server 2019 CU11 or CU12 installed Install the May 2022 SU first and then run one of the following commands using Setup.exe in your Exchange Server installation path (e.g., …\\Program Files\\Microsoft\\Exchange Server\\v15\\Bin): * Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains * Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /PrepareAllDomains For customers that have Exchange Server 2013 CU23 installed: Install the May 2022 SU first and then run the following command using Setup.exe in your Exchange Server installation path (e.g., …\\Program Files\\Microsoft\\Exchange Server\\v15\\Bin): * Setup.exe /IAcceptEx...

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.