Microsoft has released security updates (SUs) for vulnerabilities found in Exchange Server 2019, Exchange Server 2016, and Exchange Server 2013. Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect the environment.

Note: These vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected.

Exchange Server Security Updates

Microsoft has released Security Updates for vulnerabilities found in:

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

These Security Updates are available for the following specific versions of Exchange:

Version: Exchange 2019 (CU11, CU12)
Knowledge base: KB5014261

Version: Exchange 2016 CU22, CU23
Knowledge base: KB5014261

Version: Exchange 2013 CU23
Knowledge base: KB5014260

For full details, refer to this article.


Be sure to visit Messageware Security Products for Microsoft Exchange Server. All enterprises with Exchange Servers should add security that provides on-premise systems with logon intelligence and security controls protecting the most widely used Exchange Server services, including OWA / Outlook Web, ECP, Autodiscover, ActiveSync, EWS, OAB, MAPI, Outlook Anywhere. Critical additions for all enterprises including those who believe they are protected by multifactor authentication (MFA/2FA).