question

04098287 asked ZhengqiLou-MSFT commented

Which Exchange 2016 CUs are vulnerable to CVE-2021-34473, CVE-2021-34523, CVE-2021-31207?

Hello, colleagues.

Please tell me, do these vulnerabilities affect all Exchange 2016 CUs? And are these vulnerabilities present in Exchange 2010?
Or did these vulnerabilities appear only in CU19 and CU20?

office-exchange-server-administration

AndyDavid answered

They appear in all versions of 2016. You need to upgrade to the latest CUs to fix the issues ASAP. Your server is probably under attack or will be soon.

One of the vulnerabilities exists for older versions as well:
https://techcommunity.microsoft.com/t5/exchange-team-blog/how-to-update-ad-schema-to-address-cve-2021-34470-if-exchange-is/ba-p/2617083

But you can only fix all of them by being on a supported version of Exchange 2016 or 2019.




ZhengqiLou-MSFT answered ZhengqiLou-MSFT commented

Hello @04098287 ,

Good day!

For your questions, both CVE-2021-34473 and CVE-2021-34523 were fixed in the SU of April 13, 2021 (KB5001779).
And CVE-2021-31207 was fixed on May 11, 2021 (KB5003435).

So, for Exchange 2016, if you have upgraded to CU21 (CU10 for Exchange 2019), you don't have to worry about that because it's a full installation patch of the previous CUs and SUs. Servers below CU20 and CU9 could be attacked through these vulnerabilities. So it is suggested to install the newest CU and also the July SU:
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-july-2021-exchange-server-security-updates/ba-p/2523421

As for Exchange 2010, the official document does not have anything about it except the article Andy has posted.

Best regards,
Lou



Hi @04098287 ,

Do the suggestions above help? If the issue has been resolved, please click “Accept as answer” to mark the helpful reply as an answer; this will make answer searching in the forum easier and be beneficial to other community members as well.

If you are still stuck on this issue, please feel free to post your questions.

Regards,
Lou

