If you have more than one Exchange Server running in the organization, you want to…
Microsoft released several Security Updates (SUs) for Microsoft Exchange Server to address vulnerabilities. Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect the environment.
These vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected.
Exchange Server Security Updates
Microsoft has released Security Updates for vulnerabilities found in:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
These Security Updates are available for the following specific versions of Exchange:
Read more on how to Install Exchange Security Update.
If you are not at these Exchange Server CU versions, please update right now and apply the above patch.
Read more on how to Install Cumulative Update Exchange.
Vulnerabilities addressed in the November 2021 Security Updates were responsibly reported by security partners and found through Microsoft’s internal processes. We are aware of limited targeted attacks in the wild using one of vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019. Our recommendation is to install these updates immediately to protect your environment.
My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
While Exchange Online customers are already protected, the November 2021 security updates do need to be applied to your on-premises Exchange Servers, even if they are used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard (HCW) after applying updates.
Do I need to install the updates on “Exchange Management Tools only” workstations?
Servers or workstations running only Microsoft Exchange Management Tools (no Exchange services) do not need to apply these updates.