A week ago, Microsoft released new security updates for Exchange Server 2013, 2016 and 2019. I'm only reporting on this now as I've been on vacation for the last 14 days. But thanks to the CVE Reporter this should not be a problem :-)
The following four vulnerabilities are closed by the updates:
Click here to go directly to the downloads:
- Exchange 2019 CU10 (KB5004780)
- Exchange 2019 CU9 (KB5004780)
- Exchange 2016 CU21 (KB5004779)
- Exchange 2016 CU20 (KB5004779)
- Exchange 2013 CU23 (KB5004778)
Microsoft also explicitly points out that the manual installation of the update must be carried out using a shell in "Elevated" mode ("Run as administrator"). Here is an example of the "Elevated Shell":
Alternatively, the update can of course also be installed via WSUS, Windows Update or other tools. If the Exchange Server update goes wrong, you can find some possible solutions to the problems here: