May 2021 Exchange Server security updates

On May 11, 2021 Microsoft released new Security Updates for the following Exchange server versions:

  • Exchange Server 2013 CU23
  • Exchange Server 2016 CU19 and CU20
  • Exchange Server 2019 CU8 and CU9

The following vulnerabilities have been addressed:

VulnerabilityCategorySeverity
CVE-2021-31209SpoofingImportant
CVE-2021-31207Security Feature BypassModerate
CVE-2021-31198Remote Code Execution Important
CVE-2021-31195 Remote Code Execution Important

Personally, I am happy to see no critical and zero-day issues have been found, no immediate action on Tuesday night this time 😊. However, these are still important security updates so you must install them as soon as possible.

These Security Updates are only available for the Exchange versions mentioned above. If you are on an older version of Exchange, you must first upgrade your Exchange servers to the latest CU and then deploy these Security Updates. Security Updates are cumulative, to a Security Update contains all previous fixes for this specific Cumulative Update.

A couple of remarks:

  • If you are running Exchange Hybrid, even if you have all your mailboxes in Exchange Online and use the on-premises Exchange server only for management purposes, you still must deploy these Security Updates on the Hybrid Server. If you have an Exchange management server (with only the management tools installed) you do not need to install the Security Updates.
  • Start the Security Update from a command prompt with elevated privileges. If you do not use elevated privileges, setup will fail and leave your Exchange server in an unknown state. Known problems here are with OWA and EAC. This does not apply when installing the Security Update using Windows Update or WSUS.
  • When the installation of the Security Update has finished it does not ask for a reboot although this is needed, so reboot the server when finished.

And the downloads:

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s