Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability. A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user.
Run all software as a nonprivileged user with minimal access rights.
Running all client software as an unprivileged user with minimal access rights may reduce the impact of latent vulnerabilities that affect client applications.
Do not accept communications that originate from unknown or untrusted sources.
Users should avoid opening email messages that arrive unsolicited or originate from an unfamiliar or untrusted source.
Microsoft has released an advisory including fixes to address this issue.