Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
The updates fixes the following Vulnerabilities;
- Exchange 2019 and Exchange 2016
- CVE-2021-34453: Microsoft Exchange Server Denial of Service Vulnerability
- CVE-2021-41348: Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2021-41350: Microsoft Exchange Server Spoofing Vulnerability
- Exchange 2013
- CVE-2021-26427: Microsoft Exchange Server Remote Code Execution Vulnerability
None of the them are currently publicly exposed or exploited. The Exploitability Assessment for all vulnerabilities is rated: Exploitation Less Likely.
View: Exchange Blog: Released: Released: October 2021 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019 and 2016: October 12, 2021 (KB5007012)
View: Description of the security update for Microsoft Exchange Server 2013: October 12, 2021 (KB5007011)
Download: Security Update for Exchange 2019 CU10 and CU11
Download: Security Update for Exchange 2016 CU21 and CU22
Download: Security Update for Exchange 2013 CU23