patchletter

The current version of Exchange Server is 15.2.2562.43 (as of 09/06/2026).

Exchange Server

Microsoft · current 15.2.2562.43

Actively exploited vulnerabilities

The US cybersecurity agency CISA lists these vulnerabilities in its catalog of Known Exploited Vulnerabilities. Check your version and patch or mitigate promptly.

  • CVE-2021-26857Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
  • CVE-2021-27065Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
  • CVE-2021-26858Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
  • CVE-2021-26855Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
  • CVE-2021-31207Microsoft Exchange Server Security Feature Bypass VulnerabilityRansomware
  • CVE-2021-34473Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
  • CVE-2020-0688Microsoft Exchange Server Validation Key Remote Code Execution VulnerabilityRansomware
  • CVE-2021-34523Microsoft Exchange Server Privilege Escalation VulnerabilityRansomware
  • CVE-2018-8581Microsoft Exchange Server Privilege Escalation VulnerabilityRansomware
  • CVE-2022-41040Microsoft Exchange Server Server-Side Request Forgery VulnerabilityRansomware
  • CVE-2022-41082Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
  • CVE-2022-41080Microsoft Exchange Server Privilege Escalation VulnerabilityRansomware
  • CVE-2023-21529Microsoft Exchange Server Deserialization of Untrusted Data VulnerabilityRansomware
  • CVE-2020-17144Microsoft Exchange Server Remote Code Execution Vulnerability
  • CVE-2021-33766Microsoft Exchange Server Information Disclosure
  • CVE-2024-21410Microsoft Exchange Server Privilege Escalation Vulnerability
  • CVE-2021-31196Microsoft Exchange Server Information Disclosure Vulnerability

Source: CISA KEV. The CVE is matched to the product automatically — when in doubt, the linked NVD entry applies.

Exchange Server at a glance

Microsoft Exchange Server (on-premises) is a mail and calendaring platform that has repeatedly been the focus of actively exploited, high-severity vulnerabilities. Microsoft ships cumulative updates plus frequent security updates; here, patch day is planning day — Exchange flaws are weaponized fast and broadly.

For admins timely security updates are non-negotiable, applied in the documented order (schema, then servers), with a health check afterwards. Keep Exchange behind up-to-date TLS, minimize its internet exposure, and consider the Exchange Emergency Mitigation service. Test CUs where possible before production. Track the support lifecycle — older Exchange versions reaching end of support must be migrated or moved to Exchange Online. Subscribe to Microsoft's security bulletins; patchletter flags new builds.

Support cycles (endoflife.date)

CycleLatest versionStatus
subscription15.2.2562.43supported
201915.2.1748.46End of Life
201615.1.2507.69End of Life
201315.0.1497.48End of Life
201014.3.513.0End of Life
20078.3.517.0End of Life
20036.5.7654.4End of Life
20006.0.6620.7End of Life

Release history · as detected by patchletter

VersionChannelDateNotes
15.2.2562.43STABLE09/06/2026Release notes →

Never miss a Exchange Server update

We check the source daily and email you — instantly or as a digest. Free, one-click unsubscribe.

Watch Exchange Server

Related tools in Servers & Databases