Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
The updates fix the following vulnerabilities;
- CVE-2023-21529: Remote Code Execution Vulnerability
- CVE-2023-21706: Remote Code Execution Vulnerability
- CVE-2023-21707: Remote Code Execution Vulnerability
- CVE-2023-21710: Remote Code Execution Vulnerability
None of the vulnerabilities are currently publicly disclosed or exploited. However, the first 3 vulnerabilities are rated as “Exploitation More Likely” so make sure you update as soon as possible!
The updates also contain the following non-security issues;
- Export-UMPrompt fails with InvalidResponseException
- Edge Transport service returns an “EseNtOutOfSessions” Exception
- Exchange services in automatic startup mode do not start automatically
- Data source returns incorrect checkpoint depth
- Serialization fails while tried accessing Mailbox Searches in ECP
- Transport delivery service mishandles iCAL events