Security updates have been released for Exchange 2013, Exchange 2016 and Exchange 2019.
The updates fixes the following Vulnerabilities;
- CVE-2022-21846: Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2022-21855: Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2022-21969: Microsoft Exchange Server Remote Code Execution Vulnerability
None of the them are currently publicly disclosed nor being exploited. However, their exploitability assessment are all regarded as “Exploitation More Likely”. It is therefor important to update as soon as possible.
View: Exchange Blog: Released: January 2022 Exchange Server Security Updates
View: Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: January 11, 2022 (KB5008631)
Download: Security Update for Exchange 2019 CU10 and CU11
Download: Security Update for Exchange 2016 CU21 and CU22
Download: Security Update for Exchange 2013 CU23