The November 2021 Microsoft Patch Tuesday updates were released on November, 9th. The full release covered 55 security updates and vulnerabilities found in Exchange Servers 2013, 2016, 2019. Included in this release is a patch that covers an actively exploited zero-day vulnerability classified as CVE-2021-42321 - Microsoft Exchange Server Remote Code Execution Vulnerability. This one vulnerability only affects on-premises and hybrid Exchange servers 2016, and 2019.
Course of Action
These security updates will be automatically applied as part of the regular November patching schedule for any managed patching customers (IT Essentials, Network Security, or Network Monitoring-servers only), who have on-premises Microsoft Exchange Server 2013, 2016, and 2019.
For clients who do not subscribe to a Systems Engineering patching service and have an affected on-premises Exchange server, Microsoft recommends applying the security updates to address the vulnerability immediately.
NOTE: Exchange Online customers are already protected and no additional action is needed.
If you have questions about this security alert, please reach out to your Account Manager.