Microsoft have released several security updates for Microsoft Exchange Server. The October 2021 Exchange Server Security Updates are to address the latest vulnerabilties found in the different versions. Due to the nature of the vulnerabilities found, we strongly recommend that customers apply the updates to the affected servers immediately to ensure systems are protected.
Exchange Server Security Updates
Microsoft has released Security Updates for vulnerabilities found in:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
These Security Updates are available for the following specific versions of Exchange:
You can learn more about Exchange 2019 CU11 here
If you are not running these versions, then we strongly advise upgrading to them as soon as possible in order to apply the patch.
Vulnerabilities addressed in the October 2021 Security Updates were responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.
FAQs
My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
While Exchange Online customers are already protected, the October 2021 security updates do need to be applied to your on-premises Exchange Servers, even if they are used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard (HCW) after applying updates.
Do I need to install the updates on “Exchange Management Tools only” workstations?
Servers or workstations running only Microsoft Exchange Management Tools (no Exchange services) do not need to apply these updates.
