Microsoft has released new security updates for all supported Exchange Server versions (2013, 2016, 2019). Microsoft specifically highlights CVE-2021-42321, a remote code execution vulnerability in Exchange 2016 and 2019 that is already being exploited in a limited number of targeted attacks. The number of attacks is likely to increase, because the vulnerability may now be easier to find thanks to the update. The FAQ also contains a command that can be used to determine whether CVE-2021-42321 has already been exploited:
Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }
If the command above returns hits, it is an indication of a successful attack.
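The same check run against several servers, as an added example that is not part of the original post or of Microsoft's FAQ. The server names and the function name are placeholders, and the script reports a failed query separately from "no matching events" so that an unreachable host is not read as a clean result.

```powershell
# Added example (Windows PowerShell 5.1; Get-EventLog is not available in PowerShell 7).
# Server names are placeholders (assumption): replace them with your Exchange hosts.
$Servers = @('EXCH01', 'EXCH02')

function Test-Cve202142321Events {   # hypothetical helper name
    param([string[]]$ComputerName)

    foreach ($server in $ComputerName) {
        $row = [ordered]@{ Server = $server; Status = $null; TimeGenerated = $null; Index = $null; Detail = $null }
        try {
            # Same filter as the FAQ command, with -ComputerName added.
            $hits = @(Get-EventLog -ComputerName $server -LogName Application `
                          -Source 'MSExchange Common' -EntryType Error -ErrorAction Stop |
                      Where-Object { $_.Message -like '*BinaryFormatter.Deserialize*' })
        }
        catch {
            # Get-EventLog raises an error when nothing matches -Source/-EntryType.
            # Only that case counts as "no hits"; anything else (host unreachable,
            # access denied) is reported as a failed check, never as a clean result.
            if ($_.FullyQualifiedErrorId -like 'GetEventLogNoEntriesFound*') {
                $hits = @()
            } else {
                $row.Status = 'CheckFailed'; $row.Detail = $_.Exception.Message
                [pscustomobject]$row
                continue
            }
        }

        if ($hits.Count -eq 0) {
            $row.Status = 'NoHits'
            [pscustomobject]$row
            continue
        }
        foreach ($hit in $hits) {
            # One output row per matching event, with its time and log index.
            $row.Status = 'Hit'; $row.TimeGenerated = $hit.TimeGenerated; $row.Index = $hit.Index
            [pscustomobject]$row
        }
    }
}

Test-Cve202142321Events -ComputerName $Servers |
    Sort-Object Status, Server | Format-Table -AutoSize
```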
The updates can be downloaded here:
The corresponding KB entry for the updates can be found here:
Here is the corresponding article from the Microsoft Exchange Server Team Blog:
Microsoft also explicitly points out that the manual installation of the update must be carried out using a shell in "Elevated" mode ("Run as administrator"). Here is an example of the "Elevated Shell":
The update can of course also be installed via WSUS (note: there is a problem with Exchange 2013), Windows Update or other tools. If the Exchange Server update fails, you can find some possible solutions here: