Exchange 2019, 2016 , 2013 and 2010 Security Updates for March 2021

Out-of-Band security updates have been released for Exchange 2019, Exchange 2016, Exchange 2013 and even Exchange 2010 (which has been out of support since October 13, 2020).

The reason for this is because multiple zero-day vulnerabilities exist which are currently being exploited by a nation-state affiliated group.

It is recommended that you start patching immediately beginning with server that are accessible from the Internet (like server publishing Outlook on the Web/OWA and ECP).

The update fixes the following Remote Code Execution Vulnerabilities;

View: Exchange Blog: Released: March 2021 Exchange Server Security Updates
View: On the Issue Blog: New nation-state cyberattacks
View: Microsoft Security Blog: HAFNIUM targeting Exchange Servers with 0-day exploits
View: Microsoft Security Response Center (MSRC) Blog: Multiple Security Updates Released for Exchange Server

Exchange 2019 CU8 – DownloadKB5000871
Exchange 2019 CU7 – DownloadKB5000871
Exchange 2016 CU19 – DownloadKB5000871
Exchange 2016 CU18 – DownloadKB5000871
Exchange 2013 CU23 – DownloadKB5000871
Exchange 2010 SP3 RU32 – DownloadKB5000978

These security updates are also included in Exchange 2019 CU9 and Exchange 2016 CU20.

If you are running an older CU version of Exchange and can’t directly upgrade to the latest CU see; March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server.