Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
The updates fixes the following Vulnerabilities;
- CVE-2021-42305: Microsoft Exchange Server Spoofing Vulnerability
- CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability (does not apply to Exchange 2013)
- CVE-2021-41349: Microsoft Exchange Server Spoofing Vulnerability
None of the them are currently publicly disclosed but CVE-2021-42321 is already being exploited. It is therefor important to update as soon as possible.
View: Exchange Blog: Released: Released: October 2021 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 9, 2021 (KB5007409)