First published: Tue Jan 10 2023(Updated: )
Microsoft Exchange Server Information Disclosure Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Exchange Server | =2016-cumulative_update_23 | |
Microsoft Exchange Server | =2019-cumulative_update_11 | |
Microsoft Exchange Server | =2019-cumulative_update_12 | |
Microsoft Exchange Server 2016 | =23 | |
Microsoft Exchange Server 2019 | =11 | |
Microsoft Exchange Server 2019 | =12 | |
=2016-cumulative_update_23 | ||
=2019-cumulative_update_11 | ||
=2019-cumulative_update_12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-21761 is a vulnerability in Microsoft Exchange Server that allows for information disclosure.
CVE-2023-21761 has a severity rating of 7.5, which is considered high.
Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 11, and Microsoft Exchange Server 2019 Cumulative Update 12 are affected by CVE-2023-21761.
To fix CVE-2023-21761, you can apply the patches provided by Microsoft, which are available at the following URLs: Microsoft Exchange Server 2016 - Cumulative Update 23 (https://www.microsoft.com/downloads/details.aspx?familyid=e775134a-a23b-4375-8be2-61123b4addd3) and Microsoft Exchange Server 2019 - Cumulative Update 11 (https://www.microsoft.com/downloads/details.aspx?familyid=ecb11461-88df-428b-b0a8-1fa9fa892b25) or Cumulative Update 12 (https://www.microsoft.com/downloads/details.aspx?familyid=6237df2d-0ad0-415d-8b98-a8c985ed6214).
You can find more information about CVE-2023-21761 on the Microsoft Security Response Center website at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21761.