Security updates for Exchange Server (January 2022)

Update[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of January 11, 2022. These updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. The updates apply to the Exchange Server on-premises installations listed below.


Microsoft  has published the Techcommunity post Released: January 2022 Exchange Server Security Updates with a description of the security updates. Blog reader Tom pointed me to it (thanks for that).

Exchange Server (January 2022) Security Updates

And on Twitter I came across the above notice. Updates are available for the following Exchange Server versions.

  • Exchange Server 2013 CU23
  • Exchange Server 2016 CU21, CU22
  • Exchange Server 2019 CU10, CU11

These vulnerabilities affect on-premises Microsoft Exchange servers as well as servers used by customers in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action. Although Microsoft is not aware of any active exploits in the wild, it recommends installing these updates immediately to protect your Exchange installation. This Microsoft support article lists the following three vulnerabilities.

The download links and update details may bef ound within this support article. Here are the download links:


If the security updates are installed manually, this process must be started from an administrative command prompt. Otherwise, problems will occur during the installation. Regarding further known problems, some hints can be found in this Microsoft support article.

Similar articles:
Important notes from Microsoft regarding the Exchange server security update (March 2021)
Exchange isues with ECP/OWA search after installing security update (March 2021)
Exchange Hack News – Test tools from Microsoft and others
ProxyLogon hack: Administrator's Repository for affected Exchange systems
Exchange isues with ECP/OWA search after installing security update (March 2021)
Exchange security updates from July 2021 breaks ECP and OWA
Exchange 2016/2019: Outlook problems due to AMSI integration

Exchange Year 2022 Problem: FIP-FS Scan Engine failed to load – Can't Convert "2201010001" to long (1.1.2022),
Microsoft confirms Exchange Year 2022 problem that FIP-FS Scan Engine failed to load (Jan. 1, 2022)
Temporary Fix for Exchange Year 2022 Bug FIP-FS Scan Engine failed to load (Jan. 1, 2022)
Microsoft Exchange (On-Premises) one-click Mitigation Tool (EOMT) released

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software, Update and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *