Security updates have been released for Exchange 2016 and Exchange 2019.
The updates fix the following vulnerability and implements a security advisory;
- CVE-2024-26198: Microsoft Exchange Server Remote Code Execution Vulnerability
- ADV24199947: Microsoft announces the deprecation of Oracle’s libraries in Exchange Server
The vulnerability currently isn’t publicly disclosed nor exploited. And even though it is rated as “Exploitation Less Likely”, it is still recommended to update as soon as possible.
The updates also contains the following non-security issue;
However, these updates also come with 3 known issues;
- OutsideInModule is disabled
- Download domains not working
- OwaDeepTestProbe and EacBackEndLogonProbe fail
View: Exchange Blog: Released: March 2024 Exchange Server Security Updates
Exchange 2019 CU14 SU1 – Download – KB5036401
Exchange 2019 CU13 SU5 – Download – KB5036402
Exchange 2016 CU23 SU12 – Download – KB5036386