1

April 2021 Exchange Security Updates

Today is patch Tuesday for April 2021 and there are critical Exchange server security updates in the release.  You can review all of the affected products on the MSRC blog or on the Security Update Guide (SUG).

Updates have been released for supported versions of Exchange 2013, 2016 and 2019.  Details can be found in KB 5001779.

Update 5-5-2021.  Two articles with known issues relating to this security update have been published.

"The syntax is not supported by this runspace" error after installing April 2021 Exchange security update

"(400) Bad Request" error during Autodiscover for per-user free/busy in a trusted cross-forest topology

Below is a view of the Security Update Guide, with a filter on Exchange Server 2016.

April 2021 Exchange Security Releases

For reference, the CVEs and their associated scores are:

CVE-2021-28480

CVE-2021-28481

CVE-2021-28482

CVE-2021-28483

As you will have seen before, Exchange updates are available for the CUs which can be serviced.  This is the current and previous update, also described as N and N-1.

New Exchange 2016 and 2019 CUs were recently released (after the March 2021 Hafnium updates), so this means that the updates released today are for N and N-1 versions of Exchange 2016 and 2019.

If you download the updates and install them manually, ensure that they are installed from an elevated cmd prompt.

The updates can be downloaded from:

  • Exchange Server 2016 CU19 and CU20
  • Exchange Server 2019 CU8 and CU9
  • Exchange Server 2013 CU23

 

 

Cheers,

Rhoderick

Rhoderick Milne [MSFT]

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *