[German]Microsoft released a security advisory to revise its outdated updates for older CUs for on-premises Microsoft Exchange Servers (which have already fallen out of support). Specifically, Microsoft has released a security update for the out-of-support Microsoft Exchange Server 2013 Service Pack 1. Addendum: In addition, CU 9 for Exchange Server 2019 and CU 20 for Exchange Server 2016 have been released.
Advertising
Update for Exchange Server 2013 SP 1
A new security update has been released for Exchange Server 2013 Service Pack 1 according to the following security advisory.
***************************************************************
Issued: March 16, 2021
***************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
Critical CVEs
============================
* CVE-2021-26855
* CVE-2021-27065
* CVE-2021-26857
Important CVEs
============================
Advertising
Publication information
===========================
– Microsoft Exchange Server Remote Code Execution Vulnerability
– See preceding list for links
– Version 5.0
– Reason for Revision: Microsoft is releasing a security update for CVE-2021-27065,
CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for Microsoft Exchange Server
2013 Service Pack 1. This update addresses only those CVEs. Customers who want to be
protected from these vulnerabilities can apply this update if they are not on a
supported cumulative update. Microsoft strongly recommends that customers update to
the latest supported cumulative updates.
– Originally posted: March 2, 2021
– Updated: March 16, 2021
New CUs for Exchange Server 2016/2019
Addendum: As of March 16, 2021, Microsoft has also released the following quarterly cumulative updates for Exchange Server 2016/2019.
Microsoft has published the Techcommunity article Released: March 2021 Quarterly Exchange Updates. There Microsoft recommend that administrators test these cumulative updates before rolling them out. Thanks to the user for the comment in my German blog and Toni for the mail.
Similar articles
Exchange server 0-day exploits are actively exploited
Important notes from Microsoft regarding the Exchange server security update (March 2021)
Exchange isues with ECP/OWA search after installing security update (March 2021)
Exchange Hack News – Test tools from Microsoft and others
Microsoft MSERT helps to scan Exchange Servers
Cyber attack on Exchange server of the European Banking Authority
Exchange hack: new patches and new findings
Exchange Server: Remote Code Execution Vulnerability CVE-2020-16875
Exchange hack: new victims, new patches, new attacks
Update on ProxyLogon hafnium exchange issue (March 12, 2021)
Was there a leak at Microsoft in the Exchange mass hack?
ProxyLogon hack: Administrator's Repository for affected Exchange systems
Microsoft Exchange (On-Premises) one-click Mitigation Tool (EOMT) released
