Security update for Microsoft Exchange Server 2019, 2016, and 2013 (KB5003435) released to fix 1 zero-day and other vulnerabilities in Exchange Server
Hello everyone,
This Patch Tuesday comes with a security rollup update (KB5003435) that resolves vulnerabilities in Microsoft Exchange server which includes 1 zero-day (CVE-2021-31207). Though the zero-day was publicly disclosed, there are no known cases of exploitation. The details of the vulnerabilities fixed in this update are as follows:
This Patch Tuesday comes with a security rollup update (KB5003435) that resolves vulnerabilities in Microsoft Exchange server which includes 1 zero-day (CVE-2021-31207). Though the zero-day was publicly disclosed, there are no known cases of exploitation. The details of the vulnerabilities fixed in this update are as follows:
| CVE ID | Impact | Severity |
| CVE-2021-31195 | Remote Code Execution | Important |
| CVE-2021-31198 | Remote Code Execution | Important |
| CVE-2021-31207 | Remote Code Execution | Zero-day |
| CVE-2021-31209 | Remote Code Execution | Important |
| Patch ID | Bulletin ID | Patch Description |
| 31435 | MS21-MAY8 | Security Update For Exchange Server 2013 CU23 (KB5003435) |
| 31438 | MS21-MAY8 | Security Update For Exchange Server 2016 CU19 (KB5003435) |
| 31437 | MS21-MAY8 | Security Update For Exchange Server 2016 CU20 (KB5003435) |
| 31440 | MS21-MAY8 | Security Update For Exchange Server 2019 CU8 (KB5003435) |
| 31441 | MS21-MAY8 | Security Update For Exchange Server 2019 CU9 (KB5003435) |
Note: The patches mentioned here will only be applicable if the respective cumulative updates have already been installed.
For example: Patch 31435 will only be shown missing in systems that have Exchange Server 2013 installed and the Cumulative Update 23 (CU 23) installed.
Cheers,
The ManageEngine Team