Microsoft has released security updates for a number of vulnerabilities in Exchange Server today, and there is also an update for Exchange 2010. The following vulnerabilities are closed for Exchange 2016 and Exchange 2019:
- CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2020-17143 | Microsoft Exchange Information Disclosure Vulnerability
4 or 5 vulnerabilities fall into the "Remote Code Execution" category, so the available updates should be installed quickly:
- Download Security Update For Exchange Server 2019 Cumulative Update 7 (KB4593465)
- Download Security Update For Exchange Server 2019 Cumulative Update 6 (KB4593465)
- Download Security Update For Exchange Server 2016 Cumulative Update 18 (KB4593465)
- Download Security Update For Exchange Server 2016 Cumulative Update 17 (KB4593465)
Exchange 2013 contains 4 of the 5 vulnerabilities mentioned (CVE-2020-17141 not applicable), a corresponding update is also available here:
There is even another update for Exchange 2010:
As always: The updates should be tested beforehand, but not too much time should pass before the updates are installed.