{"id":21756,"date":"2021-10-13T15:40:08","date_gmt":"2021-10-13T13:40:08","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=21756"},"modified":"2021-10-13T15:40:08","modified_gmt":"2021-10-13T13:40:08","slug":"sicherheitsupdates-fr-exchange-server-oktober-2021","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/10\/13\/sicherheitsupdates-fr-exchange-server-oktober-2021\/","title":{"rendered":"Security updates for Exchange Server (October 2021)"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Update\" style=\"margin: 0px 10px 0px 0px\" border=\"0\" alt=\"Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Update-01.jpg\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/10\/13\/sicherheitsupdates-fr-exchange-server-oktober-2021\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of October 12, 2021. These October updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. The updates apply to the Exchange Server on-premises installations listed below.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg08.met.vgwort.de\/na\/981b519bd41040daa22bae1c2a2fba73\" width=\"1\" height=\"1\">Microsoft&nbsp; has published the Techcommunity post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-october-2021-exchange-server-security-updates\/ba-p\/2838287\" target=\"_blank\" rel=\"noopener\">Released: October 2021 Exchange Server Security Updates<\/a> with a description of the security updates. Updates are available for the following Exchange Server versions.&nbsp; <\/p>\n<ul>\n<li>Exchange Server 2013 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=f4fbd725-70c7-485b-acac-aaf90ad372f8\" target=\"_blank\" rel=\"noopener\">CU23<\/a>\n<li>Exchange Server 2016 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=ffea3a31-7286-4932-867a-a38952c1efee\" target=\"_blank\" rel=\"noopener\">CU21<\/a>, <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=2a8da394-c405-4cc7-aa58-e96aa19acd4f\" target=\"_blank\" rel=\"noopener\">CU22<\/a>\n<li>Exchange Server 2019 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=5409b101-36fc-4e5c-82bc-d0f6068b2405\" target=\"_blank\" rel=\"noopener\">CU10<\/a>, <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=493ebadc-791f-43fc-b6da-349e9b227ef9\" target=\"_blank\" rel=\"noopener\">CU11<\/a><\/li>\n<\/ul>\n<p>These vulnerabilities affect on-premises Microsoft Exchange servers as well as servers used by customers in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action. Although Microsoft is not aware of any active exploits in the wild, it recommends installing these updates immediately to protect your Exchange installation. On this page, someone has compiled the six vulnerabilities addressed below, some of which are rated as high risk.<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-41350\" target=\"_blank\" rel=\"noopener\">CVE-2021-41350<\/a>: Microsoft Exchange Server Spoofing Vulnerability\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-41348\" target=\"_blank\" rel=\"noopener\">CVE-2021-41348<\/a>: Microsoft Exchange Server Elevation of Privilege Vulnerability\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-34453\" target=\"_blank\" rel=\"noopener\">CVE-2021-34453<\/a>: Microsoft Exchange Server Denial of Service Vulnerability\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-26427\" target=\"_blank\" rel=\"noopener\">CVE-2021-26427<\/a>: Microsoft Exchange Server Remote Code Execution Vulnerability<\/li>\n<\/ul>\n<p>The CVEs are also partially listed in <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2021\/10\/12\/the-october-2021-security-update-review\" target=\"_blank\" rel=\"noopener\">this blog post<\/a> of the Zero Day Initiative. Explanations of the respective vulnerabilities can be found on this page. If the security updates are installed manually, this process must be started from an administrative command prompt. Otherwise, problems will occur during the installation.  <\/p>\n<blockquote>\n<p>First feedbacks do not show any issues &#8211; only Microsoft's Techcommunity post indicates that an update could not be installed &#8211; but the details are missing. <\/p>\n<\/blockquote>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2021\/07\/14\/sicherheitsupdates-fr-exchange-server-juli-2021\/\">Security updates for Exchange Server (July 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/06\/29\/kumulative-exchange-updates-juni-2021-verffentlicht\/\">Cumulative Exchange CUs June 2021 released<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/04\/14\/exchange-server-security-update-kb5001779-13-april-2021\/\">Exchange Server Security Update KB5001779 (April 13, 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/exchange-probleme-mit-ecp-nach-sicherheitsupdate-mrz-2021\/\">Exchange isues with ECP\/OWA search after installing security update (March 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/07\/17\/exchange-sicherheitsupdates-von-juli-2021-zerschieen-ecp-und-owa\/\">Exchange security updates from July 2021 breaks ECP and OWA<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/07\/13\/exchange-2016-2019-outlook-probleme-durch-amsi-integration\/\">Exchange 2016\/2019: Outlook problems due to AMSI integration<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/08\/22\/angriffswelle-fast-2-000-exchange-server-ber-proxyshell-gehackt\/\">Wave of attacks, almost 2,000 Exchange servers hacked via ProxyShell<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/08\/29\/exchange-server-2016-2019-benutzerdefinierte-attribute-in-ecp-nach-cu-installation-juli-2021-nicht-mehr-aktualisierbar\/\">Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/08\/30\/exchange-server-authentifizierungs-bypass-mit-proxytoken\/\">Exchange Server: Authentication bypass with ProxyToken<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/08\/08\/exchange-schwachstellen-droht-hafnium-ii\/\">Exchange vulnerabilities: Will we see Hafnium II?<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/07\/13\/exchange-2016-2019-outlook-probleme-durch-amsi-integration\/\">Exchange 2016\/2019: Outlook problems due to AMSI integration<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/09\/27\/exchange-server-september-2021-cu-kommt-zum-28-9-2021-mit-microsoft-exchange-emergency-mitigation-service\/\">Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/09\/29\/exchange-server-september-2021-cu-28-9-2021\/\">Exchange Server September 2021 CU (2021\/09\/28)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of October 12, 2021. These October updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/10\/13\/sicherheitsupdates-fr-exchange-server-oktober-2021\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22,2],"tags":[869,2682,69,195],"class_list":["post-21756","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","category-windows","tag-exchange","tag-patchday-10-2021","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=21756"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21756\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=21756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=21756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=21756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}