HAFNIUM exploit: Microsoft releases updates for older Exchange versions

Due to the severity of the HAFNIUM exploit, Microsoft has released further updates for older Exchange Server versions. However, the updates cannot be obtained via Windows Update, but must be downloaded and installed manually. Further information on the updates can be found here: March 2021 Exchange Server Security Updates for older Cumulative Updates of Exchange Server Some ... Read more

New security updates for Exchange Server 2016 - 2019 (February 2021)

Microsoft has released new security updates for Exchange Server 2016 - 2019. This is a fix for the following vulnerability: CVE-2021-24085: Microsoft Exchange Server Spoofing Vulnerability However, the vulnerability is listed as "Low" severity and an attacker must have Exchange Server credentials to exploit the vulnerability: An ... Read more

Exchange Server: New security updates (November 2020)

Microsoft today released new security updates for all Exchange Server versions that are still supported. The updates address a total of 3 vulnerabilities: CVE-2020-17083 | Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2020-17084 | Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2020-17085 | Microsoft Exchange Server Denial of Service Vulnerability As two of the vulnerabilities allow remote code execution, it is recommended to ... Read more

Exchange Server: New security updates (October 2020)

Yesterday, Microsoft released a new security update for Exchange Server 2013, 2016 and 2019. The update closes the vulnerability CVE-2020-16969. The vulnerability can be exploited with a specially crafted email, so the update should be installed promptly. The update is classified as "Important". Microsoft describes the vulnerability as follows: An information disclosure vulnerability exists in ... Read more

New security updates for Exchange Server (September 2020)

Microsoft has released a security update for Exchange Server 2019 and Exchange 2016 to close a vulnerability classified as "critical". Specifically, it concerns the vulnerability CVE-2020-16875: A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code ... Read more