A quick note that an update was released for current Exchange versions as well as Exchange 2010 related to the following advisory:
- ADV190018 Microsoft Exchange Server Defense in Depth Update
Unfortunately – or perhaps understandably – the advisory doesn’t present any more details than, ‘”Microsoft has released an update for Microsoft Exchange Server that provides enhanced security as a defense in depth measure.”.
You can download the security updates here:
- Security Update For Exchange Server 2019 CU1 (v15.2.330.8, KB4503027)
- Security Update For Exchange Server 2019 (v15.2.221.17, KB4503027)
- Security Update For Exchange Server 2016 CU11 (v15.1.1591.17, KB4503027)
- Security Update For Exchange Server 2016 CU12 (v15.1.1713.7, KB4503027)
- Security Update for Exchange Server 2013 CU22 (v15.0.1473.5, KB4503028)
- Exchange 2010 SP3 RU28 (v14.3.461.1, KB4503028)
Be advised that the Security Updates for Exchange 2013-2019 are Cumulative Update level specific. Unfortunately, the security update carries the same name for different CU’s, and you cannot apply the update for Exchange 2016 CU12 to Exchange 2016 CU11. I would suggest tagging the Cumulative Update in the file name when you store it, e.g. Exchange2016-KB4503027-x64-en_CU11.msp.
As with any patch or update, I’d recommend to apply this in a acceptance environment first, prior to implementing it in production.