The current version of Exchange Server is 15.2.2562.43 (as of 09/06/2026).
Exchange Server
Microsoft · current 15.2.2562.43
Actively exploited vulnerabilities
The US cybersecurity agency CISA lists these vulnerabilities in its catalog of Known Exploited Vulnerabilities. Check your version and patch or mitigate promptly.
- CVE-2021-26857Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
- CVE-2021-27065Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
- CVE-2021-26858Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
- CVE-2021-26855Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
- CVE-2021-31207Microsoft Exchange Server Security Feature Bypass VulnerabilityRansomware
- CVE-2021-34473Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
- CVE-2020-0688Microsoft Exchange Server Validation Key Remote Code Execution VulnerabilityRansomware
- CVE-2021-34523Microsoft Exchange Server Privilege Escalation VulnerabilityRansomware
- CVE-2018-8581Microsoft Exchange Server Privilege Escalation VulnerabilityRansomware
- CVE-2022-41040Microsoft Exchange Server Server-Side Request Forgery VulnerabilityRansomware
- CVE-2022-41082Microsoft Exchange Server Remote Code Execution VulnerabilityRansomware
- CVE-2022-41080Microsoft Exchange Server Privilege Escalation VulnerabilityRansomware
- CVE-2023-21529Microsoft Exchange Server Deserialization of Untrusted Data VulnerabilityRansomware
- CVE-2020-17144Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-33766Microsoft Exchange Server Information Disclosure
- CVE-2024-21410Microsoft Exchange Server Privilege Escalation Vulnerability
- CVE-2021-31196Microsoft Exchange Server Information Disclosure Vulnerability
Source: CISA KEV. The CVE is matched to the product automatically — when in doubt, the linked NVD entry applies.
Exchange Server at a glance
Microsoft Exchange Server (on-premises) is a mail and calendaring platform that has repeatedly been the focus of actively exploited, high-severity vulnerabilities. Microsoft ships cumulative updates plus frequent security updates; here, patch day is planning day — Exchange flaws are weaponized fast and broadly.
For admins timely security updates are non-negotiable, applied in the documented order (schema, then servers), with a health check afterwards. Keep Exchange behind up-to-date TLS, minimize its internet exposure, and consider the Exchange Emergency Mitigation service. Test CUs where possible before production. Track the support lifecycle — older Exchange versions reaching end of support must be migrated or moved to Exchange Online. Subscribe to Microsoft's security bulletins; patchletter flags new builds.
Support cycles (endoflife.date)
| Cycle | Latest version | Status |
|---|---|---|
| subscription | 15.2.2562.43 | supported |
| 2019 | 15.2.1748.46 | End of Life |
| 2016 | 15.1.2507.69 | End of Life |
| 2013 | 15.0.1497.48 | End of Life |
| 2010 | 14.3.513.0 | End of Life |
| 2007 | 8.3.517.0 | End of Life |
| 2003 | 6.5.7654.4 | End of Life |
| 2000 | 6.0.6620.7 | End of Life |
Release history · as detected by patchletter
| Version | Channel | Date | Notes |
|---|---|---|---|
| 15.2.2562.43 | STABLE | 09/06/2026 | Release notes → |
Never miss a Exchange Server update
We check the source daily and email you — instantly or as a digest. Free, one-click unsubscribe.
Watch Exchange Server