{"id":24412,"date":"2022-05-11T00:02:08","date_gmt":"2022-05-10T22:02:08","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=24412"},"modified":"2022-05-11T09:25:10","modified_gmt":"2022-05-11T07:25:10","slug":"exchange-server-sicherheitsupdates-10-mai-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/05\/11\/exchange-server-sicherheitsupdates-10-mai-2022\/","title":{"rendered":"Exchange Server Security Updates (May 10, 2022)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"margin: 0px 10px 0px 0px;\" title=\"Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Update-01.jpg\" alt=\"Update\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/05\/10\/exchange-server-sicherheitsupdates-10-mai-2022\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of May 10, 2022. These updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. The updates apply to the Exchange Server on-premises installations listed below.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg02.met.vgwort.de\/na\/92f04e71682d4f3c8708bf6f02376d67\" alt=\"\" width=\"1\" height=\"1\" \/>The May 2022 Exchange Server security updates address vulnerabilities reported by security partners and found through Microsoft's internal processes. Microsoft has published the Techcommunity post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-may-2022-exchange-server-security-updates\/ba-p\/3301831\" target=\"_blank\" rel=\"noopener\">Released: May 2022 Exchange Server Security Updates<\/a> with a description of the security updates.<\/p>\n<p><a href=\"https:\/\/twitter.com\/dmiplo\/status\/1524073836169334793\"><img decoding=\"async\" title=\"Exchange Server May 2022) Security Updates\" src=\"https:\/\/i.imgur.com\/19vivJh.png\" alt=\"Exchange Server (May 2022) Security Updates\" \/><\/a><\/p>\n<p>And on Twitter I came across the above notice. There are security updates available for the following Exchange Server CU versions.<\/p>\n<ul>\n<li>Exchange Server 2013 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=943353da-e3d1-4397-abb0-ea02fb779fb2\" target=\"_blank\" rel=\"noopener\">CU23<\/a><\/li>\n<li>Exchange Server 2016\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=78a65874-1ca8-4ccc-b41a-f47823cf3598\" target=\"_blank\" rel=\"noopener noreferrer\">CU22<\/a>, <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=51ee8758-94a2-4c8c-9349-fad41558570f\" target=\"_blank\" rel=\"noopener noreferrer\">CU23<\/a><\/li>\n<li>Exchange Server 2019\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=ca8fb2cb-505a-4120-a1ea-c479a948f200\" target=\"_blank\" rel=\"noopener\">CU11<\/a>, <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=11b71eb1-8e6f-47e5-a58c-74aa94be1ea6\" target=\"_blank\" rel=\"noopener\">CU12<\/a><\/li>\n<\/ul>\n<p>The updates for May 2022 closes the following vulnerability rated as Important and with a CVSSv3 score of 8.2.<\/p>\n<blockquote><p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21978\" target=\"_blank\" rel=\"noopener\">CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege VulnerabilityThe vulnerability allows privilege elevation, with exploitation rated as Exploitation Less Likely. An attacker must already be authenticated to a vulnerable Exchange Server \"as a member of a highly privileged group\" to exploit this vulnerability, but could use it to elevate themselves to domain administrator. <\/a><\/p><\/blockquote>\n<p>While these requirements outlined above make it less likely that attackers will exploit this vulnerability, vulnerabilities in Exchange Servers are a favorite target for attackers. Vulnerabilities that can give attackers domain administrator privileges are particularly valuable, Tenable writes in <a href=\"https:\/\/www.tenable.com\/blog\/microsofts-may-2022-patch-tuesday-addresses-73-cves-cve-2022-26925\" target=\"_blank\" rel=\"noopener\">this post<\/a>.<\/p>\n<p>If the security updates are installed manually, this process must be started from an administrative command prompt. Otherwise, problems will occur during the installation.<\/p>\n<blockquote><p>Note that manual execution of \/PrepareAllDomains (after installation) is required.\u00a0 Microsoft describes in the Techcommunity post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-may-2022-exchange-server-security-updates\/ba-p\/3301831\" target=\"_blank\" rel=\"noopener\">Released: May 2022 Exchange Server Security Updates<\/a> actions that should be taken in addition to applying the May 2022 security updates due to additional security measures for CVE-2022-21978.<\/p><\/blockquote>\n<p>The fixes rolled out with these updates (e.g., that the Exchange Service Host Service dies after installing the March 2022 update <a href=\"https:\/\/support.microsoft.com\/help\/5013118\" target=\"_blank\" rel=\"noopener\">KB5013118<\/a>)can be found in the Techcommunity post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-may-2022-exchange-server-security-updates\/ba-p\/3301831\" target=\"_blank\" rel=\"noopener\">Released: May 2022 Exchange Server Security Updates<\/a>.<\/p>\n<h2>Now also .exe packages<\/h2>\n<p>Starting with this version of the security updates, the updates are released in a self-extracting, auto-uploading .exe package (in addition to the existing Windows Installer patch format). More information can be found in this article. The original update packages can be downloaded from the <a href=\"https:\/\/www.catalog.update.microsoft.com\/Home.aspx\" target=\"_blank\" rel=\"noopener\">Microsoft Update Catalog<\/a>.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2022\/03\/09\/sicherheitsupdates-fr-exchange-server-8-mrz-2022\/\">Security updates for Exchange Server (March 8, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/wichtige-hinweise-microsofts-und-des-bsi-zum-exchange-server-sicherheitsupdate-mrz-2021\/\">Important notes from Microsoft regarding the Exchange server security update (March 2021)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/exchange-probleme-mit-ecp-nach-sicherheitsupdate-mrz-2021\/\">Exchange isues with ECP\/OWA search after installing security update (March 2021)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/03\/07\/neues-zum-exchange-hack-testtools-von-microsoft-co\/\">Exchange Hack News \u2013 Test tools from Microsoft and others<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/03\/15\/proxylogon-hack-repository-fr-betroffene-exchange-administratoren\/\">ProxyLogon hack: Administrator's Repository for affected Exchange systems<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/exchange-probleme-mit-ecp-nach-sicherheitsupdate-mrz-2021\/\">Exchange isues with ECP\/OWA search after installing security update (March 2021)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/07\/17\/exchange-sicherheitsupdates-von-juli-2021-zerschieen-ecp-und-owa\/\">Exchange security updates from July 2021 breaks ECP and OWA<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/07\/13\/exchange-2016-2019-outlook-probleme-durch-amsi-integration\/\">Exchange 2016\/2019: Outlook problems due to AMSI integration<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/sicherheitsupdates-fr-exchange-server-januar-2022\/\">Security updates for Exchange Server (January 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/09\/27\/exchange-server-september-2021-cu-kommt-zum-28-9-2021-mit-microsoft-exchange-emergency-mitigation-service\/\">Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/08\/29\/exchange-server-2016-2019-benutzerdefinierte-attribute-in-ecp-nach-cu-installation-juli-2021-nicht-mehr-aktualisierbar\/\">Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/03\/11\/probleme-mit-exchange-mrz-2022-updates\/\">Issues with Exchange March 2022 Updates<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/04\/22\/exchange-server-april-2022-cu-20-4-2022\/\">Exchange Server CUs (April 20, 2022)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of May 10, 2022. These updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. The &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/05\/11\/exchange-server-sicherheitsupdates-10-mai-2022\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[869,2727,69,195],"class_list":["post-24412","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-exchange","tag-patchday-5-2022","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=24412"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24412\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=24412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=24412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=24412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}