Ask us how we can help secure your environment with the top 10-12 security enhancements every firm should have.  #ManagedServices

Alert:
Microsoft Exchange Server Vulnerabilities On-Premises & Hybrid

November 10, 2021

Severity: Critical

Issue / Vulnerability

Microsoft released patches and fixes during this week’s November Patch Tuesday. The report identified 55 vulnerabilities on Microsoft Windows, including on-premises (locally installed) products such as Microsoft Office (Microsoft Excel), Microsoft Edge browser and – most importantly – Microsoft Exchange.

Microsoft Exchange (on-prem) has the high-priority patches, identified as follows:

CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability.


Who Is Affected?

Microsoft has released security updates for vulnerabilities found in:

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

They also released an update-path for specific builds of Microsoft Exchange Server as seen in the graph below.

Update Paths for Microsoft Exchange Server updates - November 2021

Remediation / Action Plan

Microsoft recommends using the tools they provided (hyperlinked below) to run an inventory of your Microsoft Exchange Server before updating to the latest Cumulative Update.

Please note this process might require repairs to your installation if errors are present.

Please contact Cornerstone.IT if you require assistance.

Cornerstone.IT