Security update for Microsoft Exchange Server 2019, 2016, and 2013 (KB5003435) released to fix 1 zero-day and other vulnerabilities in Exchange Server


Hello everyone,

This Patch Tuesday comes with a security rollup update (KB5003435) that resolves vulnerabilities in Microsoft Exchange Server, including one zero-day (CVE-2021-31207). Though the zero-day was publicly disclosed, there are no known cases of exploitation. The details of the vulnerabilities fixed in this update are as follows:

| CVE ID | Impact | Severity |
| --- | --- | --- |
| CVE-2021-31195 | Remote Code Execution | Important |
| CVE-2021-31198 | Remote Code Execution | Important |
| CVE-2021-31207 | Remote Code Execution | Zero-day |
| CVE-2021-31209 | Remote Code Execution | Important |

For details about the known issues in this update, refer to this Support doc from Microsoft.

To install this update using Desktop Central, initiate a sync between the Central Patch Repository and the Desktop Central server. Once the sync is complete, search for the respective Patch IDs or Bulletin ID and deploy them to your target systems.

| Patch ID | Bulletin ID | Patch Description |
| --- | --- | --- |
| 31435 | MS21-MAY8 | Security Update For Exchange Server 2013 CU23 (KB5003435) |
| 31438 | MS21-MAY8 | Security Update For Exchange Server 2016 CU19 (KB5003435) |
| 31437 | MS21-MAY8 | Security Update For Exchange Server 2016 CU20 (KB5003435) |
| 31440 | MS21-MAY8 | Security Update For Exchange Server 2019 CU8 (KB5003435) |
| 31441 | MS21-MAY8 | Security Update For Exchange Server 2019 CU9 (KB5003435) |

Note: The patches mentioned here are applicable only if the respective cumulative updates have already been installed.

For example, Patch 31435 will be shown as missing only on systems that have Exchange Server 2013 with Cumulative Update 23 (CU23) installed.

Cheers,

The ManageEngine Team