Table of Contents

Microsoft - Exchange Server - Security

Exchange Security Update Helper

See Microsoft Security Response Center (MSRC) - Security Update Guide and filter on Exchange Server for the latest security updates to Exchange Server.

Microsoft Exchange Team Blog - Why Exchange Server updates matter

Microsoft Support - Results for "Description of the security update for Microsoft Exchange Server"

Exchange Server Emergency Mitigation

Microsoft Exchange Team Blog - New security feature in September 2021 Cumulative Update for Exchange Server
Microsoft Exchange Team Blog - Addressing Your Feedback on the Exchange Emergency Mitigation Service

Microsoft Exchange Team Blog - Released: September 2021 Quarterly Exchange Updates and Microsoft Support - Cannot log in to OWA or ECP after July 2021 SU for Exchange Server 2019, 2016, and 2013 (KB 5005341)

CVE-2023-28310, CVE-2023-32031

Microsoft Exchange Team Blog - Released: June 2023 Exchange Server Security Updates

CVE-2023-21710, CVE-2023-21707, CVE-2023-21706, and CVE-2023-21529

Microsoft Exchange Team Blog - Released: February 2023 Exchange Server Security Updates
Microsoft Support - Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: February 14, 2023 (KB5023038)

CVE-2022-23277, CVE-2022-24463

Microsoft Exchange Team Blog - Released: March 2022 Exchange Server Security Updates Microsoft Support - Description of the security update for Microsoft Exchange Server 2013: March 8, 2022 (KB5010324)

CVE-2022-21846, CVE-2022-21855, CVE-2022-21969

Microsoft Exchange Team Blog - Released: January 2022 Exchange Server Security Updates
Microsoft Support - Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: January 11, 2022 (KB5008631)

CVE-2021-41349, CVE-2021-42305, CVE-2021-42321

Microsoft Exchange Team Blog - Released: November 2021 Exchange Server Security Updates
Microsoft Support - Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 9, 2021 (KB5007409)

CVE-2021-26427, CVE-2021-34453, CVE-2021-41348, CVE-2021-41350

Microsoft Exchange Team Blog - Released: October 2021 Exchange Server Security Updates
Microsoft Support - Description of the security update for Microsoft Exchange Server 2019 and 2016: October 12, 2021 (KB5007012)

CVE-2021-3210[7,9],CVE-2021-3119[5,8]

Microsoft - Exchange Team Blog - Released: May 2021 Exchange Server Security Updates
Microsoft Support - Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: May 11, 2021 (KB5003435)

CVE-2021-2848[0-3] + CVE-2021-34473 + CVE-2021-34523, CVE-2021-33766

Multiple remote code execution vulnerabilities in Exchange Server 2013, 2016, 2019.

Microsoft - Exchange Team Blog - Released: April 2021 Exchange Server Security Updates
Microsoft Security Response Center - April 2021 Update Tuesday packages now available
Microsoft Support - Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: April 13, 2021 (KB5001779)

NCSC - NCSC-2021-0314 - Kwetsbaarheden verholpen in Microsoft Exchange Server
tweakers.net - Microsoft waarschuwt opnieuw voor ernstige kwetsbaarheden in Exchange

CVE-2021-2685[5,7-8],CVE-2021-27065

Microsoft Security Blog - HAFNIUM targeting Exchange Servers with 0-day exploits
Microsoft Security Response Center - On-Premises Exchange Server Vulnerabilities Resource Center – updated March 25, 2021
Microsoft Security Response Center - Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

tweakers.net - Microsoft dicht zerodays in Exchange 'die misbruikt zijn door Chinese hackers'