Microsoft today released new security updates for all Exchange Server versions that are still supported. The updates address a total of 3 security vulnerabilities:
- CVE-2020-17083 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2020-17084 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2020-17085 | Microsoft Exchange Server Denial of Service Vulnerability
Because two of the vulnerabilities allow remote code execution, the updates should be installed as soon as possible. No exploitation of the vulnerabilities is known so far, but once updates have been published, an exploit may become available quite quickly.
To close the three security gaps mentioned, only one update needs to be installed. The downloads are listed here:
- Download Security Update For Exchange Server 2019 Cumulative Update 7 (KB4588741)
- Download Security Update For Exchange Server 2019 Cumulative Update 6 (KB4588741)
- Download Security Update For Exchange Server 2016 Cumulative Update 18 (KB4588741)
- Download Security Update For Exchange Server 2016 Cumulative Update 17 (KB4588741)
- Download Security Update For Exchange Server 2013 Cumulative Update 23 (KB4588741)
Before installing the updates, you should read through the known problems with them.
It is also advisable to test the updates extensively, as there have been problems with Exchange updates in the past. Microsoft often fixes non-security-critical problems only with the next CU, and it can sometimes take a while before that CU is released. The next CU for Exchange Server will also contain these security updates and should be released in December.