Microsoft has released Security Updates (SUs) for vulnerabilities found in:
Exchange Server 2013
Exchange Server 2016
Exchange Server 2019
SUs are available in a self-extracting auto-elev...
Updated Oct 11, 2022
Version 2.0
Blog Post
1) Just to clarify your answer above to @Ziemek - Regarding the 6 CVEs that are mentioned in https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-and-2016-october-11-2022-kb5019077-b5ae8793-5e5c-4faa-972d-9228945973e5 (CVE-2022-21979,CVE-2022-21980,CVE-2022-24477,CVE-2022-24516,CVE-2022-30134,CVE-2022-34692) :
If we have installed the August updates, we are protected from these CVEs, correct?
The new fixes are to address known issues with the previous mitigations, but not security holes, correct?
2) I see that while the first 5 CVEs indeed mention the new updates (5019077 and 501976) in the update catalog entry (e.g. here https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979 ),
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34692 still mentions only 5015322. Does 5019077 address CVE-2022-24692 or not?
Will appreciate your help here.
Thanks,
Stav