Security update for Microsoft Exchange Server 2019, 2016, and 2013 (KB5003435) released to fix 1 zero-day and other vulnerabilities in Exchange Server

Hello everyone,

This Patch Tuesday comes with a security rollup update (KB5003435) that resolves vulnerabilities in Microsoft Exchange Server, including one zero-day (CVE-2021-31207). Though the zero-day was publicly disclosed, there are no known cases of exploitation. The details of the vulnerabilities fixed in this update are as follows:

| CVE ID         | Impact                | Severity  |
|----------------|-----------------------|-----------|
| CVE-2021-31195 | Remote Code Execution | Important |
| CVE-2021-31198 | Remote Code Execution | Important |
| CVE-2021-31207 | Remote Code Execution | Zero-day  |
| CVE-2021-31209 | Remote Code Execution | Important |

For details about the known issues in this update, refer to this support doc from Microsoft.

To install this update using Patch Manager Plus, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once the sync is complete, search for the respective Patch IDs or Bulletin ID and deploy them to your target systems.

| Patch ID | Bulletin ID | Patch Description                                              |
|----------|-------------|----------------------------------------------------------------|
| 31435    | MS21-MAY8   | Security Update For Exchange Server 2013 CU23 (KB5003435)      |
| 31438    | MS21-MAY8   | Security Update For Exchange Server 2016 CU19 (KB5003435)      |
| 31437    | MS21-MAY8   | Security Update For Exchange Server 2016 CU20 (KB5003435)      |
| 31440    | MS21-MAY8   | Security Update For Exchange Server 2019 CU8 (KB5003435)       |
| 31441    | MS21-MAY8   | Security Update For Exchange Server 2019 CU9 (KB5003435)       |

Note: The patches mentioned here are applicable only if the respective cumulative updates have already been installed.

For example, Patch 31435 will be shown as missing only on systems that have Exchange Server 2013 with Cumulative Update 23 (CU23) installed.

Cheers,

The ManageEngine Team