A short addendum to a topic that has been on the agenda here for a few days: Microsoft also released security updates for Exchange Server 2013 to 2019 on November 10, 2020.
In the support article KB4588741, Microsoft discloses details about these security updates. The security updates address two remote code execution vulnerabilities and a privilege escalation vulnerability in Microsoft Exchange Server. For more information about these vulnerabilities, see the following security advisories:
- CVE-2020-17083 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2020-17084 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2020-17085 | Microsoft Exchange Server Denial of Service Vulnerability
According to Microsoft, the security update is available via Windows Update. If administrators turn on automatic updating, the update is downloaded and installed automatically. But you should not do that, because in the past some Exchange updates have ruined the installation. There are also several known issues with the current security updates. It is therefore recommended to read the extensive notes that Microsoft has published in the support article KB4588741 before installation. Here is the list of download links for the security updates for each Exchange version.
Exchange Server 2019
- KB4588741: Exchange Server 2019 Cumulative Update 7
- KB4588741: Exchange Server 2019 Cumulative Update 6
Exchange Server 2016
- KB4588741: Exchange Server 2016 Cumulative Update 18
- KB4588741: Exchange Server 2016 Cumulative Update 17
Exchange Server 2013
Thanks to the readers who pointed this out.