
Microsoft is releasing the final set of security updates for CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several Cumulative Updates that are out of support, including Exchange Server 2019 CU1 and CU2; and Exchange Server 2016 CU8, CU9, CU10, and CU11.





**************************************************************************************
Title: Microsoft Security Update Releases
Issued: March 11, 2021
**************************************************************************************

Summary
=======

The following CVEs and advisory have undergone a revision increment:

Critical CVEs
============================
        
* CVE-2021-26855 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855 
* CVE-2021-27065 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065 
* CVE-2021-26857 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857 


Important CVEs
============================

* CVE-2021-26858 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858 


Publication information
===========================

 - Microsoft Exchange Server Remote Code Execution Vulnerability
 - See preceding list for links
 - Version 4.0
 - Reason for Revision: Microsoft is releasing the final set of security updates for
   CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, and CVE-2021-26858 for several
   Cumulative Updates that are out of support, including Exchange Server 2019 CU1
   and CU2; and Exchange Server 2016 CU8, CU9, CU10, and CU11. These updates address
   only those CVEs. Customers who want to be protected from these vulnerabilities can
   apply these updates if their Exchange Server is not on a supported cumulative update.
   Microsoft strongly recommends that customers update to the latest supported cumulative
   updates.
 - Originally posted: March 2, 2021
 - Updated: March 11, 2021

ADV990001

 - ADV990001 | Latest Servicing Stack Updates
 - https://msrc.microsoft.com/update-guide/vulnerability/ADV990001
 - Version 34.1
 - Reason for Revision: Removed information for Windows 10 versions 2004 and 20H2
   as these service stack updates have been rolled into the cumulative update.
 - Originally posted: March 2, 2021
 - Updated: November 13, 2018