New security updates for Exchange Server

Microsoft released new security updates for Exchange Server 2010, 2013, 2016 and 2019 on July 9. The updates address the following vulnerabilities:

• CVE-2019-1084 | Information disclosure vulnerability in Microsoft Exchange
• CVE-2019-1137 | Vulnerability in Microsoft Exchange Server related to spoofing attacks
• CVE-2019-1136 | Privilege escalation vulnerability in Microsoft Exchange Server

All 3 vulnerabilities have been classified as "Important". The corresponding updates should therefore be installed promptly. Click here to download the updates for the currently supported Exchange versions:

• Exchange 2019 CU2 (KB4509408)
• Exchange 2019 CU1 (KB4509408)
• Exchange 2016 CU13 (KB4509409)
• Exchange 2016 CU12 (KB4509409)
• Exchange 2013 CU23 (KB4509409)
• Exchange 2010 SP3 RU29 (KB4509410)

Currently the updates for Exchange 2010 and Exchange 2013 are not yet available for me, so it might take some time until the links are available.

It is very interesting that security updates for Exchange 2019 can be downloaded directly, so you don't have to wait for the release in the VLSC (or similar portals). After all, the updates are not delivered as an ISO, such as the Exchange 2019 Sizing Calculator.

Exchange 2019 CUs are therefore only available in the VLSC (or MSDN, ActionPack) (with a delay), Sizing Calculator is part of the "CU ISO" so that it can be updated more easily. However, the security updates can be downloaded directly. Well then... if it's just easier...