JMaletzky - the tangled web of CVEs for this release is unfortunate; here is the bottom line:
There are 7 Exchange CVEs in the July Release.
- Three of the CVEs were fixed with the July updates (CVE-2021-31196, CVE-2021-31206, CVE-2021-33768). These CVEs have July Packages.
- Three of the CVEs (CVE-2021-34523, CVE-2021-34473, CVE-2021-33766) were fixed in April but the CVEs were not released until July. These CVEs have April packages (fixes were released then and people who installed them were protected). The 1.0 revision note on each of the CVEs explains this.
- CVE-2021-34470 was fixed in the June 29 Cumulative Update release for Exchange Server 2019 and 2016. Exchange Server 2013 was fixed in the July Update and has the July Package.
Now, while the CVEs are a bit tangled up because of the April omission - the update path is simple: July updates + schema update (as appropriate for the version) = done.