Microsoft has released a new security update for Exchange Server 2010 - 2019. The update fixes the following vulnerabilities:
- CVE-2020-0692 | Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2020-0688 | Microsoft Exchange Memory Corruption Vulnerability
The update is given the severity level "Important", click here to go directly to the downloads:
- Download Security Update For Exchange Server 2019 Cumulative Update 4 (KB4536987)
- Download Security Update For Exchange Server 2019 Cumulative Update 3 (KB4536987)
- Download Security Update For Exchange Server 2016 Cumulative Update 15 (KB4536987)
- Download Security Update For Exchange Server 2016 Cumulative Update 14 (KB4536987)
- Download Security Update For Exchange Server 2013 Cumulative Update 23 (KB4536988)
- Download Update Rollup 30 for Exchange Server 2010 SP3 (KB4536989)
An update has also been released for Exchange Server 2010; support for Exchange 2010 has actually already expired. As these are vulnerabilities that allow code to be executed on the Exchange Server, the updates should be installed promptly before exploits for the vulnerabilities become public. Nevertheless, appropriate tests should of course not be neglected.
