Microsoft Exchange Server: Critical security updates released for October 2021
Microsoft has new updates for its Exchange Server versions 2013, 2016 and 2019. Specifically, there are four security gaps that are fixed with the latest updates. Two of the vulnerabilities are also marked with severity "High".
Administering an Exchange server has not always been easy lately with all the security gaps. We had in this Article reported in detail about it. Today Microsoft released further security patches for a total of three security vulnerabilities in 2016 and 2019. For Exchange Server 2013 there is also another gap. So far, Microsoft has not yet written of any exploited loophole in the MSRC. As we know, however, that can change quickly with Exchange.
Microsoft Exchange Server gaps: import updates promptly
Overall, the current updates for Exchange 2016 and 2019 are patches for CVE-2021-41350, CVE-2021-34453 and CVE-2021-41348 where the latter gap is to be classified as “high” severity. When updating for Exchange Server 2013, "CVE-2021-26427"Stuffed, which is also viewed as" high ". The high severity vulnerabilities concern server remote code execution.
Updates are only available for Exchange 2013 (CU23) 2016 (CU21 and CU22) and 2019 (CU10 and CU11) are available - older CU versions will not receive a security patch. For example, if you still use Exchange Server 2016 CU20 or 2019 CU9, you must first upgrade to a supported CU.
As usual, the installation of the security patch should be carried out “as administrator” in order to ensure a smooth process.