Security update for Exchange Server 2013 SP1; CUs for Exchange 2019 and 2016 (03/16/2021)

[German]Microsoft released a security advisory to revise its outdated updates for older CUs for on-premises Microsoft Exchange Servers (which have already fallen out of support). Specifically, Microsoft has released a security update for the out-of-support Microsoft Exchange Server 2013 Service Pack 1. Addendum: In addition, CU 9 for Exchange Server 2019 and CU 20 for Exchange Server 2016 have been released.

Update for Exchange Server 2013 SP 1

A new security update has been released for Exchange Server 2013 Service Pack 1 according to the following security advisory.
***************************************************************
Issued: March 16, 2021
***************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

Critical CVEs
============================

CVE-2021-26855
CVE-2021-27065
* CVE-2021-26857

Important CVEs
============================

* CVE-2021-26858

Publication information
===========================

– Microsoft Exchange Server Remote Code Execution Vulnerability
– See preceding list for links
– Version 5.0
– Reason for Revision: Microsoft is releasing a security update for CVE-2021-27065,
CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for Microsoft Exchange Server
2013 Service Pack 1. This update addresses only those CVEs. Customers who want to be
protected from these vulnerabilities can apply this update if they are not on a
supported cumulative update. Microsoft strongly recommends that customers update to
the latest supported cumulative updates.
– Originally posted: March 2, 2021
– Updated: March 16, 2021

New CUs for Exchange Server 2016/2019

Addendum: As of March 16, 2021, Microsoft has also released the following quarterly cumulative updates for Exchange Server 2016/2019.

Microsoft has published the Techcommunity article Released: March 2021 Quarterly Exchange Updates. There Microsoft recommend that administrators test these cumulative updates before rolling them out. Thanks to the user for the comment in my German blog and Toni for the mail.

Similar articles
Exchange server 0-day exploits are actively exploited
Important notes from Microsoft regarding the Exchange server security update (March 2021)
Exchange isues with ECP/OWA search after installing security update (March 2021)
Exchange Hack News – Test tools from Microsoft and others
Microsoft MSERT helps to scan Exchange Servers
Cyber attack on Exchange server of the European Banking Authority
Exchange hack: new patches and new findings
Exchange Server: Remote Code Execution Vulnerability CVE-2020-16875
Exchange hack: new victims, new patches, new attacks
Update on ProxyLogon hafnium exchange issue (March 12, 2021)
Was there a leak at Microsoft in the Exchange mass hack?
ProxyLogon hack: Administrator's Repository for affected Exchange systems
Microsoft Exchange (On-Premises) one-click Mitigation Tool (EOMT) released

This entry was posted in Security, Software, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *