Microsoft releases a patch for older versions of Exchange

Microsoft releases a patch for older versions of Exchange

Microsoft has released security updates for unsupported versions of Exchange email servers following widespread attacks exploiting four newly discovered security vulnerabilities.


Microsoft has already released out-of-band emergency patches for Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 but, in light of ongoing cyberattacks exploiting the flaws, it's produced security updates for earlier versions of Exchange it otherwise does not patch. 


More Coverage



The security updates for older versions of Exchange only address the four newly disclosed flaws that are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. The issues affect on-premise Exchange servers. 


Though patches for unsupported Microsoft products are rare, the company has been forced to issue them on multiple occasions in the past five years to address global cyberattacks. It made patches for unsupported Windows XP in 2017 after the WannaCry ransomware attacks and produced patches for Windows XP again in 2019 after identifying a severe wormable flaw in Windows.    


Microsoft notes that this security update for Exchange only addresses the four new flaws and does not mean those versions of Exchange, such as Exchange 2010 and earlier, are now supported. The patches are designed to update specific cumulative updates (CU) of Exchange. 


The patches include updates for the following cumulative updates: 


"Microsoft is producing an additional series of security updates (SUs) that can be applied to some older (and unsupported) Cumulative Updates (CUs). The availability of these updates does not mean that you don't have to keep your environment current,"
Support the originator by clicking the read the rest link below.