Security Updates for Exchange 2016, 2013 and 2010

Ex2013 LogoA quick heads-up for those that missed it that earlier this month, as Microsoft released security updates for supported releases of Exchange Server 2016 and 2013 as well as Exchange Server 2010.

The security updates patch issues as reported in the following Microsoft Common Vulnerabilities and Exposures:

  • CVE-2018-8151 – Microsoft Exchange Memory Corruption Vulnerability
  • CVE-2018-8154 – Microsoft Exchange Memory Corruption Vulnerability
  • CVE-2018-8159 – Microsoft Exchange Elevation of Privilege Vulnerability
  • CVE-2018-8153 – Microsoft Exchange Spoofing Vulnerability
  • CVE-2018-8152 – Microsoft Exchange Server Elevation of Privilege Vulnerability

You can download the security updates here:

You may notice that Exchange 2013 Service Pack 1 is still in there, but this is because Cumulative Updates and Service Packs are on a different servicing model. Every Cumulative Update is supported for three months after the release of the next Cumulative Update; Exchange 2013 SP1 entered extended support early April, and will only receive critical updates such as this one.

Be advised that for Exchange 2013 and 2016, Security Updates are Cumulative Update level specific. While the downloaded security updates may carry the same name, the files are different and you cannot apply the downloaded security update file for Exchange 2016 CU8 to Exchange 2016 CU9. I suggest adding some form of identification of the Cumulative Update to the file name when you save it, e.g. Exchange2016-KB4092041-x64-en-CU9.msp.

As with any patch or update, I’d recommend to thoroughly test this in a test and acceptance environment first, prior to implementing it in production.


1 thought on “Security Updates for Exchange 2016, 2013 and 2010

  1. Pingback: Security Updates for Exchange 2016, 2013 and 2010 | EighTwOne (821)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.