Microsoft Security Response Center

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

**Does the attacker need to be in an authenticated role in the Exchange Server?** Yes, the attacker must be authenticated.

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place: **Disable SMBv3 compression** You can disable compression to block authenticated attackers from exploiting the vulnerability against an **SMBv3 Server** with the PowerShell command below. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force **Notes:** 1. No reboot is needed after making the change. 2. **This workaround does not prevent exploitation of SMB clients; please see item 2 under FAQ to protect clients.** You can disable the workaround with the PowerShell command below. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force **Note:** No reboot is needed ...

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**How can I get the update for Skype Extension for Chrome?** The Skype Extension for Chrome is available in the Chrome Web Store. 1. Open the Chrome Web Store and type "Skype" into the search box. 2. Scroll down to **Extensions**. The Skype Extension will be the first on the list 3. Click on the **Add to Chrome** button.

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.