Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
- CVE-2019-1373: Microsoft Exchange Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged in user. Exploitation of this vulnerability requires that a user run cmdlets via PowerShell. The security update addresses the vulnerability by correcting how Exchange serializes its metadata.
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 12, 2019
Download: Security Update For Exchange Server 2013 Cumulative Update 23 (KB4523171)
Download: Security Update For Exchange Server 2016 Cumulative Update 13 (KB4523171)
Download: Security Update For Exchange Server 2016 Cumulative Update 14 (KB4523171)
Download: Security Update For Exchange Server 2019 Cumulative Update 2 (KB4523171)
Download: Security Update For Exchange Server 2019 Cumulative Update 3 (KB4523171)