Microsoft has released security updates as part of this month's Patch Tuesday, and they cover a zero-day exploit in Exchange Server. The vulnerabilities were found in:

  • Exchange Server 2013
  • Exchange Server 2016
  • Exchange Server 2019

These updates are available for the following specific builds of Exchange Server:

  • Exchange Server 2013 CU23
  • Exchange Server 2016 CU21 and CU22
  • Exchange Server 2019 CU10 and CU11

The CVSS score stands at CVSS:3.1 8.8 / 7.7, since the attacker needs to be authenticated to exploit this vulnerability.

The November 2021 security updates for Exchange Server address vulnerabilities, one of which (CVE-2021-42321) is being used in limited targeted attacks in the wild. CVE-2021-42321 is a post-authentication vulnerability in Exchange 2016 and 2019.

These vulnerabilities affect on-premises Microsoft Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action.