The November 2021 security updates for Exchange Server address vulnerabilities reported by security partners and found through Microsoft’s internal processes. We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment.
For convenience, here are direct links to the Microsoft downloads for the latest Exchange versions:
- Exchange Server 2013 CU23 (KB5007409)
- Exchange Server 2016 CU21 (KB5007409) and CU22 (KB5007409)
- Exchange Server 2019 CU10 (KB5007409) and CU11 (KB5007409)
For full details, refer to this article.
We have not encountered any issues with installing the Microsoft Security Updates. We suggest that you proceed with applying the patches if you have not already.
Be sure to visit Messageware Security Products for Microsoft Exchange Server. All enterprises with Exchange Servers should add security that provides on-premises systems with logon intelligence and security controls protecting the most widely used Exchange Server services, including OWA / Outlook Web, ECP, Autodiscover, ActiveSync, EWS, OAB, MAPI, and Outlook Anywhere. These are critical additions for all enterprises, including those who believe they are protected by multifactor authentication (MFA/2FA).