Security updates

Microsoft has released new security updates for Exchange Server 2016 - 2019. This is a fix for the following vulnerability: CVE-2021-24085: Microsoft Exchange Server Spoofing Vulnerability However, the vulnerability is listed as "Low" severity and an attacker must have Exchange Server credentials to exploit the vulnerability: An ... Read more

Microsoft today released new security updates for all Exchange Server versions that are still supported. The updates address a total of 3 vulnerabilities: CVE-2020-17083 | Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2020-17084 | Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2020-17085 | Microsoft Exchange Server Denial of Service Vulnerability As two of the vulnerabilities allow remote code execution, it is recommended to ... Read more

Yesterday, Microsoft released a new security update for Exchange Server 2013, 2016 and 2019. The update closes the vulnerability CVE-2020-16969. The vulnerability can be exploited with a specially crafted email, so the update should be installed promptly. The update is classified as "Important". Microsoft describes the vulnerability as follows: An information disclosure vulnerability exists in ... Read more

Microsoft has released a security update for Exchange Server 2019 and Exchange 2016 to close a vulnerability classified as "critical". Specifically, it concerns the vulnerability CVE-2020-16875: A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code ... Read more