{"id":26145,"date":"2022-08-10T11:45:14","date_gmt":"2022-08-10T09:45:14","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=26145"},"modified":"2022-08-10T11:55:51","modified_gmt":"2022-08-10T09:55:51","slug":"exchange-server-sicherheitsupdates-9-august-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/08\/10\/exchange-server-sicherheitsupdates-9-august-2022\/","title":{"rendered":"Exchange Server Security updates (August 9, 2022)"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Update\" style=\"margin: 0px 10px 0px 0px\" border=\"0\" alt=\"Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Update-01.jpg\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/08\/10\/exchange-server-sicherheitsupdates-9-august-2022\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019, effective August 9. These updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. The updates apply to the Exchange Server on-premises installations listed below.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg05.met.vgwort.de\/na\/e92a7ba466c8494bbd156a5d9433594e\" width=\"1\" height=\"1\">The August 2022 Exchange Server security updates address vulnerabilities reported by security partners and found through Microsoft's internal processes. Microsoft has published the Techcommunity post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-august-2022-exchange-server-security-updates\/ba-p\/3593862\" target=\"_blank\" rel=\"noopener\">Released: August 2022 Exchange Server Security Updates<\/a> with a description of the security updates.&nbsp; <\/p>\n<p><a href=\"https:\/\/i.imgur.com\/ABusiEw.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" title=\"Exchange August 2022 Updates\" alt=\"Exchange August 2022 Updates\" src=\"https:\/\/i.imgur.com\/ABusiEw.png\" width=\"618\" height=\"316\"><\/a>  <\/p>\n<p>Security updates are available for the following Exchange Server CU versions.  <\/p>\n<ul>\n<li>Exchange Server 2013 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=104482\" target=\"_blank\" rel=\"noopener\">CU23<\/a>\n<li>Exchange Server 2016 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=4d630555-9c16-46fe-b72b-aec651b71efb\" target=\"_blank\" rel=\"noopener\">CU22<\/a>, <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=2961d7a6-c089-4fe6-8c4c-c100878950b8\" target=\"_blank\" rel=\"noopener\">CU23<\/a>\n<li>Exchange Server 2019 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=edb31b02-83ab-4133-b327-29f3799e4861\" target=\"_blank\" rel=\"noopener\">CU11<\/a>, <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=104478\" target=\"_blank\" rel=\"noopener\">CU12<\/a><\/li>\n<\/ul>\n<p>The updates addresses the Microsoft Exchange Server Elevation of Privilege vulnerabilities <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21980\" target=\"_blank\" rel=\"noopener\">CVE-2022-21980<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-24477\" target=\"_blank\" rel=\"noopener\">CVE-2022-24477<\/a>, and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-24516\" target=\"_blank\" rel=\"noopener\">CVE-2022-24516<\/a>. Here is the complete list of vulnerabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21979\" target=\"_blank\" rel=\"noopener\">Microsoft Exchange Information Disclosure Vulnerability (CVE-2022-21979)<\/a>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21980\" target=\"_blank\" rel=\"noopener\">Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2022-21980)<\/a>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-24516\" target=\"_blank\" rel=\"noopener\">Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2022-24516)<\/a>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-24477\" target=\"_blank\" rel=\"noopener\">Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2022-24477)<\/a>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-30134\" target=\"_blank\" rel=\"noopener\">Microsoft Exchange Information Disclosure Vulnerability (CVE-2022-30134)<\/a>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-34692\" target=\"_blank\" rel=\"noopener\">Microsoft Exchange Information Disclosure Vulnerability (CVE-2022-34692)<\/a><\/li>\n<\/ul>\n<p>Microsoft recommends installing these updates immediately, although there are no known active exploits in the wild yet. It should be noted that Exchange servers are updated to the current CU before the August 2022 updates are installed (see the graphic above and the note from Microsoft). Microsoft's <a href=\"https:\/\/microsoft.github.io\/CSS-Exchange\/Diagnostics\/HealthChecker\/\" target=\"_blank\" rel=\"noopener\">HealthChecker-PowerShell-Script<\/a> script can be used for testing.<\/p>\n<blockquote>\n<p>These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities covered in these SUs and do not need to take any action other than updating all Exchange servers in their environment. <\/p>\n<\/blockquote>\n<h2>Enable Windows Extended Protection<\/h2>\n<p>In an addendum, Microsoft notes that to fix some vulnerabilities closed in August 2022, administrators must enable <a href=\"https:\/\/docs.microsoft.com\/iis\/configuration\/system.webserver\/security\/authentication\/windowsauthentication\/extendedprotection\/\" target=\"_blank\" rel=\"noopener\">Windows Extended protection<\/a> on their Exchange servers (in IIS). Microsoft provides a script to enable this feature (the latest version can be found <a href=\"https:\/\/aka.ms\/ExchangeEPScript\" target=\"_blank\" rel=\"noopener\">here<\/a>). Before activating Extended Protection (EP) on production systems, you should check if the <a href=\"https:\/\/microsoft.github.io\/CSS-Exchange\/Security\/Extended-Protection\/\" target=\"_blank\" rel=\"noopener\">requirements<\/a> are met. The activation of Extended Protection (EP) is only supported by certain Exchange versions. And there are many, many known issues. <\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2022\/03\/09\/sicherheitsupdates-fr-exchange-server-8-mrz-2022\/\">Security updates for Exchange Server (March 8, 2022)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/wichtige-hinweise-microsofts-und-des-bsi-zum-exchange-server-sicherheitsupdate-mrz-2021\/\">Important notes from Microsoft regarding the Exchange server security update (March 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2022\/05\/11\/exchange-server-sicherheitsupdates-10-mai-2022\/\">Exchange Server Security Updates (May 10, 2022)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/exchange-probleme-mit-ecp-nach-sicherheitsupdate-mrz-2021\/\">Exchange isues with ECP\/OWA search after installing security update (March 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/07\/neues-zum-exchange-hack-testtools-von-microsoft-co\/\">Exchange Hack News \u2013 Test tools from Microsoft and others<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/15\/proxylogon-hack-repository-fr-betroffene-exchange-administratoren\/\">ProxyLogon hack: Administrator's Repository for affected Exchange systems<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/exchange-probleme-mit-ecp-nach-sicherheitsupdate-mrz-2021\/\">Exchange isues with ECP\/OWA search after installing security update (March 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/07\/17\/exchange-sicherheitsupdates-von-juli-2021-zerschieen-ecp-und-owa\/\">Exchange security updates from July 2021 breaks ECP and OWA<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/07\/13\/exchange-2016-2019-outlook-probleme-durch-amsi-integration\/\">Exchange 2016\/2019: Outlook problems due to AMSI integration<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/sicherheitsupdates-fr-exchange-server-januar-2022\/\">Security updates for Exchange Server (January 2022)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/09\/27\/exchange-server-september-2021-cu-kommt-zum-28-9-2021-mit-microsoft-exchange-emergency-mitigation-service\/\">Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2021\/08\/29\/exchange-server-2016-2019-benutzerdefinierte-attribute-in-ecp-nach-cu-installation-juli-2021-nicht-mehr-aktualisierbar\/\">Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2022\/07\/18\/verursacht-windows-update-kb5015811-performance-probleme-bei-exchange\/\">Is Windows Update KB5015811 causing Exchange performance issues?<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019, effective August 9. These updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. The updates apply &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/08\/10\/exchange-server-sicherheitsupdates-9-august-2022\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22,2],"tags":[396,2738,69,195],"class_list":["post-26145","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","category-windows","tag-echange","tag-patchday-8-2022","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=26145"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26145\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=26145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=26145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=26145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}