A quick update to keep everyone informed on important Microsoft Exchange security updates:
May 11, 2021 – Microsoft Exchange Server vulnerability – this time it is a security feature bypass and is one of the Exchange vulnerabilities that was found during PWN2OWN 2021.
Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index
- Exploitability Index ( https://technet.microsoft.com/en-ca/security/cc998259.aspx )
- CVE-2021-31207 ( https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207 )
- Microsoft KB5003435:
The Security Update (SU) is available from Windows Update. If downloading and applying manually, ensure you are at an elevated command prompt and follow the included instructions.
For convenience, here are direct links to the Microsoft downloads for the latest Exchange versions:
- Download SU for Exchange Server 2019 Cumulative Update 9 (KB5003435)
- Download SU for Exchange Server 2019 Cumulative Update 8 (KB5003435)
- Download SU for Exchange Server 2016 Cumulative Update 20 (KB5003435)
- Download SU for Exchange Server 2016 Cumulative Update 19 (KB5003435)
- Download SU for Exchange Server 2013 Cumulative Update 23 (KB5003435)
We have not encountered any issues with installing the Microsoft Security Updates. We suggest that you proceed with applying the patches if you have not already. If you encounter any post-install issues, please email to create a priority support ticket by emailing us at support@messageware.com