Two vulnerabilities in Exchange Server 2016 and Exchange Server 2019 are closed with corresponding security updates. These are the two vulnerabilities in question:
- CVE-2019-1233Microsoft Exchange Denial of Service Vulnerability
- CVE-2019-1266Microsoft Exchange Spoofing Vulnerability
Both vulnerabilities have the rating "Important". Details on the vulnerabilities can be found under the links above. The updates for the corresponding Exchange versions can be downloaded directly here:
- Exchange Server 2019 CU2
- Exchange Server 2019 CU1
- Exchange Server 2016 CU13
- Exchange Server 2016 CU12
Note: The updates relate to the respective CU level of the Exchange Server. This does not mean that the vulnerability is not present in earlier versions. Microsoft only supports the current CU and the previous CU. For example, there are updates for Exchange 2016 CU13 and CU12, but none for Exchange 2016 CU11. The corresponding current CU must therefore be installed first. Once the CU has been installed, the security updates must then be installed.
