Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of January 11, 2022. These updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. The updates apply to the Exchange Server on-premises installations listed below.
Microsoft has published the Techcommunity post Released: January 2022 Exchange Server Security Updates with a description of the security updates. Blog reader Tom pointed me to it (thanks for that).
And on Twitter I came across the above notice. Updates are available for the following Exchange Server versions.
- Exchange Server 2013 CU23
- Exchange Server 2016 CU21, CU22
- Exchange Server 2019 CU10, CU11
These vulnerabilities affect on-premises Microsoft Exchange servers as well as servers used by customers in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action. Although Microsoft is not aware of any active exploits in the wild, it recommends installing these updates immediately to protect your Exchange installation. This Microsoft support article lists the following three vulnerabilities.
- CVE-2022-21846 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2022-21855 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2022-21969 | Microsoft Exchange Server Remote Code Execution Vulnerability
The download links and update details may be found within this support article. Here are the download links:
- Download Exchange Server 2019 Cumulative Update 11 Security Update 3 (KB5008631)
- Download Exchange Server 2019 Cumulative Update 10 Security Update 4 (KB5008631)
- Download Exchange Server 2016 Cumulative Update 22 Security Update 3 (KB5008631)
- Download Exchange Server 2016 Cumulative Update 21 Security Update 4 (KB5008631)
- Download Exchange Server 2013 Cumulative Update 23 Security Update 13 (KB5008631)
If the security updates are installed manually, this process must be started from an administrative command prompt. Otherwise, problems will occur during the installation. Regarding further known problems, some hints can be found in this Microsoft support article.
Similar articles:
Important notes from Microsoft regarding the Exchange server security update (March 2021)
Exchange issues with ECP/OWA search after installing security update (March 2021)
Exchange Hack News – Test tools from Microsoft and others
ProxyLogon hack: Administrator's Repository for affected Exchange systems
Exchange security updates from July 2021 breaks ECP and OWA
Exchange 2016/2019: Outlook problems due to AMSI integration
Exchange Year 2022 Problem: FIP-FS Scan Engine failed to load – Can't Convert "2201010001" to long (1.1.2022)
Microsoft confirms Exchange Year 2022 problem that FIP-FS Scan Engine failed to load (Jan. 1, 2022)
Temporary Fix for Exchange Year 2022 Bug FIP-FS Scan Engine failed to load (Jan. 1, 2022)
Microsoft Exchange (On-Premises) one-click Mitigation Tool (EOMT) released