Today Microsoft released security updates for Exchange 2013, Exchange 2016 and Exchange 2019 that addresses security vulnerability found recently. The following Remote Code Execution vulnerabilities are fixed with these updates:
You can find more information and the download links in the following table.
| Exchange version | Download | KB Article |
| Exchange 2019 CU9 | https://www.microsoft.com/en-us/download/details.aspx?id=103004 | KB5001779 |
| Exchange 2019 CU8 | https://www.microsoft.com/en-us/download/details.aspx?id=103003 | KB5001779 |
| Exchange 2016 CU20 | https://www.microsoft.com/en-us/download/details.aspx?id=103002 | KB5001779 |
| Exchange 2016 CU19 | https://www.microsoft.com/en-us/download/details.aspx?id=103001 | KB5001779 |
| Exchange 2013 CU23 | https://www.microsoft.com/en-us/download/details.aspx?id=103000 | KB5001779 |
Notes:
- At this moment no active exploits using these vulnerabilities are reported.
- These vulnerabilities only concern Exchange 2013/2016/2019 on-premises. Exchange Online is not vulnerable because of its different architecture. Please remember that Exchange Online uses a different codebase.
- Updates are specific for Cumulative Updates, an update for CU9 cannot be installed on CU8. The CU version is in the name of the update.
- Updates are cumulative, so these updates also contain all previous updates for this CU versions.
- If you are running Exchange hybrid you need to update the hybrid servers as well, even when all mailboxes are in Exchange Online.
- Previous mitigation scripts like EOMT will not mitigate the April 2021 vulnerabilities.
- Start the updates from a command prompt with elevated privileges. If you do not, the update can finish successfully (or report no errors) but under the hood stuff will break. When updating from Windows Update there’s no need to use elevated privileges.
- Use the Exchange Server Health Checker script (available from Microsoft Github) for an inventory of your Exchange environment. The script will return if any servers are behind with Cumulative Updates and Security Updates.
- More information can be found on the Microsoft Security Response Center (MSRC).
Simply want to say your article is as surprising.
The clearness on your publish is just great and i
can think you are an expert in this subject. Well along with
your permission let me to snatch your feed to stay updated
with forthcoming post. Thanks 1,000,000 and please keep up the gratifying work.
Hey there I am so glad I found your site, I really found you by error, while I was
browsing on Askjeeve for something else, Nonetheless I am here now and would just like to say
thanks for a incredible post and a all round exciting blog (I also love the theme/design), I
don’t have time to browse it all at the moment but I have book-marked
it and also included your RSS feeds, so when I have time
I will be back to read a great deal more, Please do keep up the awesome b.
Hi there colleagues, how is everything, and what you would like to say regarding this paragraph, in my view its actually
remarkable in favor of me.
Truly no matter if someone doesn’t understand afterward its up to other people that they will help, so here
it takes place.