Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
- CVE-2020-17117: Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2020-17132: Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2020-17141: Microsoft Exchange Remote Code Execution Vulnerability (does not apply to Exchange 2013)
- CVE-2020-17142: Microsoft Exchange Remote Code Execution Vulnerability
- CVE-2020-17143: Microsoft Exchange Information Disclosure Vulnerability
- CVE-2020-17144: Microsoft Exchange Remote Code Execution Vulnerability (only applies to Exchange 2010)
None of the vulnerabilities are currently publicly disclosed nor exploited. The Exploitability Assessment is rated: Exploitation Less Likely.
View: Description of the security update for Microsoft Exchange Server 2019 and 2016: December 8, 2020
View: Description of the security update for Microsoft Exchange Server 2013: December 8, 2020
View: Description of the security update for Microsoft Exchange Server 2010 Service Pack 3: December 8, 2020
Download: Security Update For Exchange Server 2019 CU7 (KB4593465)
Download: Security Update For Exchange Server 2019 CU6 (KB4593465)
Download: Security Update For Exchange Server 2016 CU18 (KB4593465)
Download: Security Update For Exchange Server 2016 CU17 (KB4593465)
Download: Security Update For Exchange Server 2013 CU23 (KB4593466)
Download: Update Rollup 3 For Exchange 2010 SP3 (KB4593467)
