Microsoft has released security updates for vulnerabilities found in the below versions of Exchange servers on the 13th April 2021 which is depicted as CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483
These updates are available for the following specific builds of Exchange Server:
There were vulnerabilities which were addressed in the April 2021 security updates, as a result, Microsoft has advised to install these updates immediately.
These vulnerabilities affect Microsoft Exchange Server. Exchange Online customers are already protected and do not need to take any action.
Anyone can use this Health Checker that can be downloaded from GitHub (use the latest release), to inventory the servers. Running this script will give a result if any of the Exchange Servers are behind on updates (CUs and SUs).
Update to the latest Cumulative Update
Microsoft has advised to go to https://aka.ms/ExchangeUpdateWizard and choose the currently running CU and target CU. Then click the “Tell me the steps” button, to get directions for the environment.
My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
While Exchange Online customers are already protected, the April 2021 security updates do need to be applied to your on-premises Exchange Server, even if it is used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard (HCW) after applying updates.
Do the April 2021 security updates contain the March 2021 security updates for Exchange Server?
Yes, security updates are cumulative. Customers who installed the March 2021 security updates for supported CUs can install the April 2021 security updates and be protected against the vulnerabilities that were disclosed during both months. If you are installing an update manually, do not double-click on the .msp file, but instead run the install from an elevated CMD prompt.
Do I need to install the updates on ‘Exchange Management Tools only’ workstations?
Servers or workstations running only Microsoft Exchange Management Tools (no Exchange services) do not need to apply these updates.
Is there no update for Exchange Server 2010?
No, Exchange 2010 is not affected by the vulnerabilities fixed in the April 2021 security updates.
In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…
Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…
The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…
In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…
A recent campaign has been observed to be delivering DJvu ransomware through a loader that…
In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…