2.2.149 [RFC5546] Section 6.2.2 Implementation Controls

V0284:

The specification states that the threat of malicious procedural alarms SHOULD be mitigated by a calendar system that uses this protocol by providing controls that may be used to disallow procedural alarms in iTIP transactions and/or remove all alarms from the object before delivery to the recipient.

Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, Microsoft Exchange Server 2019

Microsoft Exchange Server ignores the ACTION ([MS-OXCICAL] section 2.1.3.1.1.20.62.2) property on import and treats all VALARM components as reminders, as specified in [MS-OXORMDR].
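
The RFC 5546 control described under V0284 (remove all alarms, or disallow procedural alarms, before delivery to the recipient) can be sketched as a pre-delivery filter. This is an added Python example, not code from Microsoft or Exchange; the function names, the only_procedural switch and the sample iCalendar object are constructed for illustration.

```python
import re

def unfold(ics):
    """Undo iCalendar line folding: a line break followed by one space or tab."""
    return [ln for ln in re.split(r"\r?\n", re.sub(r"\r?\n[ \t]", "", ics)) if ln]

def parse(line):
    """Return (NAME, VALUE) upper-cased, ignoring property parameters."""
    bare = re.sub(r'"[^"]*"', '""', line)  # hide colons inside quoted parameter values
    head, _, value = bare.partition(":")
    return head.split(";", 1)[0].strip().upper(), value.strip().upper()

def strip_alarms(ics, only_procedural=False):
    """Return (sanitized_ics, removed_count); raise ValueError on an unclosed VALARM."""
    out, alarm, removed = [], None, 0
    for line in unfold(ics):
        name, value = parse(line)
        if alarm is None:
            if (name, value) == ("BEGIN", "VALARM"):
                alarm = [line]          # start buffering this alarm
            else:
                out.append(line)
            continue
        alarm.append(line)
        if (name, value) == ("END", "VALARM"):
            # ACTION:PROCEDURE is the RFC 2445 procedural alarm type
            procedural = ("ACTION", "PROCEDURE") in map(parse, alarm)
            if only_procedural and not procedural:
                out.extend(alarm)       # keep non-procedural reminders
            else:
                removed += 1
            alarm = None
    if alarm is not None:
        raise ValueError("unterminated VALARM: reject instead of delivering")
    return "\r\n".join(out) + "\r\n", removed   # output lines are left unfolded

# Constructed sample: one folded procedural alarm and one display reminder.
SAMPLE = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nMETHOD:REQUEST\r\nBEGIN:VEVENT\r\n"
    "UID:constructed-1@example.com\r\nSUMMARY:Design review\r\n"
    "BEGIN:VALARM\r\nAction:PROCE\r\n DURE\r\nTRIGGER:-PT5M\r\nEND:VALARM\r\n"
    "BEGIN:VALARM\r\nACTION:DISPLAY\r\nDESCRIPTION:Reminder\r\n"
    "TRIGGER:-PT15M\r\nEND:VALARM\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

if __name__ == "__main__":
    clean, n = strip_alarms(SAMPLE)
    print(n, "alarm(s) removed")
    print(clean)
```

Unfolding before matching matters: a filter that compares raw lines would miss the folded and mixed-case ACTION value in the sample.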

V0285:

The specification states that the threat of unauthorized REFRESH requests SHOULD be mitigated by a calendar system that uses this protocol by providing controls or alerts that allow the calendar user to decide whether or not the request should be honored.

Exchange 2007, Exchange 2010, Exchange 2013, Exchange 2016, Exchange 2019

Microsoft Exchange does not implement the REFRESH method, and treats all such iCalendar data as PUBLISH.

V0286:

The specification states that an implementation can decide to maintain, for audit or historical purposes, calendar users who were part of an attendee list and who were subsequently uninvited.

Exchange 2007, Exchange 2010, Exchange 2013, Exchange 2016, Exchange 2019

Microsoft Exchange does not maintain a list of uninvited attendees.