{"id":27599,"date":"2022-11-09T01:50:03","date_gmt":"2022-11-09T00:50:03","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=27599"},"modified":"2024-10-11T23:38:44","modified_gmt":"2024-10-11T21:38:44","slug":"exchange-server-security-updates-november-8-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/11\/09\/exchange-server-security-updates-november-8-2022\/","title":{"rendered":"Exchange Server security updates (November 8, 2022)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"margin: 0px 10px 0px 0px;\" title=\"Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Update-01.jpg\" alt=\"Update\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/11\/09\/exchange-server-sicherheitsupdates-8-november-2022\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of November 8, 2022. These updates are intended to address NotProxyShell vulnerabilities that have been known (and already exploited) since late September 2022, as reported by external security partners.<br \/>\n<!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg07.met.vgwort.de\/na\/28ef0c32beee4b3d815f0c713882c22e\" alt=\"\" width=\"1\" height=\"1\" \/>Microsoft has published the Techcommunity post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-november-2022-exchange-server-security-updates\/ba-p\/3669045\" target=\"_blank\" rel=\"noopener\">Released: November 2022 Exchange Server Security Updates<\/a> with a description of the security updates.<\/p>\n<p><a href=\"https:\/\/i.imgur.com\/2HgjBnL.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" title=\"Exchange November 2022 updates\" src=\"https:\/\/i.imgur.com\/2HgjBnL.png\" alt=\"Exchange November 2022 updates\" width=\"627\" height=\"174\" \/><\/a><\/p>\n<p>Security updates are available for the following Exchange Server CU versions (links from Microsoft, some of which have downloads from August 2022 &#8211; but the KB articles are linked correctly in the details).<\/p>\n<ul>\n<li>Exchange Server 2013 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=124eeb2b-4066-459e-9416-ee98683f4997\" target=\"_blank\" rel=\"noopener\">CU23<\/a>\u00a0 (upport ends in April 2023)<\/li>\n<li>Exchange Server 2016 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=ddb4f351-5cb6-4ce4-93c1-ec6946f7c26a\" target=\"_blank\" rel=\"noopener\">CU22<\/a>, <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=4342d7ed-0583-4d2c-831c-836ee8f7bf62\" target=\"_blank\" rel=\"noopener\">CU23<\/a><\/li>\n<li>Exchange Server 2019 <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?familyID=09804a62-d5b7-4e38-9902-010326747aef\" target=\"_blank\" rel=\"noopener\">CU11<\/a>, CU12<\/li>\n<\/ul>\n<p>Microsoft writes in the Techcommunity post that the November 2022 security updates include fixes for the zero-day vulnerabilities that were publicly reported on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082).<\/p>\n<blockquote><p>at a critical infrastructure was attacked in early August 2022 during security monitoring and incident response activities. During the investigation, GTSC's Blue Team experts determined that the attack exploited an undisclosed Exchange vulnerability, i.e., a 0-day vulnerability. I had reported in the blog post <a href=\"https:\/\/borncity.com\/win\/2022\/09\/30\/exchange-server-werden-ber-0-day-exploit-angegriffen-29-sept-2022\/\">Exchange Servers are attacked via 0-day exploit (Sept. 29, 2022)<\/a>.<\/p>\n<p>As a result of these reports, Microsoft attempted to close the vulnerabilities with workarounds, but this turned into a \"drama\" with new filter rule fix notices being released daily. See my links at the end of the article that lead to blog posts reporting on this issue and Microsoft's workarounds.<\/p>\n<p>Anyone who used these workarounds (including disabling Remote PowerShell) should undo them after installing the November 2022 update.<\/p><\/blockquote>\n<p>Note Microsoft's guidance on update installation. Note that Exchange servers are updated to the current CU before the November 2022 updates are installed (see the graphic above and <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-november-2022-exchange-server-security-updates\/ba-p\/3669045\" target=\"_blank\" rel=\"noopener\">Microsoft's note<\/a>). Microsoft's <a href=\"https:\/\/microsoft.github.io\/CSS-Exchange\/Diagnostics\/HealthChecker\/\" target=\"_blank\" rel=\"noopener\">HealthChecker PowerShell<\/a> script can be used to check.<\/p>\n<blockquote><p>These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities covered in these SUs and do not need to take any action other than updating all Exchange servers in their environment.<\/p><\/blockquote>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2022\/08\/10\/exchange-server-sicherheitsupdates-9-august-2022\/\">Exchange Server Security updates (August 9, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/04\/16\/exchange-update-fehler-und-infos-13-april-2021\/\">Exchange Update errors and information (April 13, 2021)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/10\/12\/exchange-server-sicherheitsupdates-11-oktober-2022\/\" rel=\"bookmark\">Exchange Server security updates (October 11, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/03\/06\/exchange-probleme-mit-ecp-nach-sicherheitsupdate-mrz-2021\/\">Exchange isues with ECP\/OWA search after installing security update (March 2021)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/07\/13\/exchange-2016-2019-outlook-probleme-durch-amsi-integration\/\">Exchange 2016\/2019: Outlook problems due to AMSI integration<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/09\/27\/exchange-server-september-2021-cu-kommt-zum-28-9-2021-mit-microsoft-exchange-emergency-mitigation-service\/\">Exchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2021\/08\/29\/exchange-server-2016-2019-benutzerdefinierte-attribute-in-ecp-nach-cu-installation-juli-2021-nicht-mehr-aktualisierbar\/\">Exchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/09\/01\/exchange-server-2013-tipps-von-microsoft-zur-auerbetriebnahme-der-systeme\/\">Exchange Server 2013: Microsoft's tips on decommissioning the systems<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/09\/16\/update-fr-exchange-extended-protection-script-aber-weiterhin-fehler\/\">Update for Exchange Extended Protection script, but still error<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/09\/30\/exchange-health-checker-script-erweiterungen-von-frank-zchling\/\">Tip: Exchange Health Checker \u2013 Script extensions by Frank Z\u00f6chling<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2022\/09\/30\/exchange-server-werden-ber-0-day-exploit-angegriffen-29-sept-2022\/\">Exchange Servers are attacked via 0-day exploit (Sept. 29, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/09\/30\/microsofts-empfehlungen-fr-die-exchange-server-0-day-schwachstelle-zdi-can-18333\/\">Microsoft's recommendations for Exchange Server 0-day vulnerability ZDI-CAN-18333<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/10\/01\/neues-zur-exchange-server-0-day-schwachstelle-zdi-can-18333-korrekturen-scripte-und-ep-lsung\/\">Update on Exchange Server 0-day Vulnerability ZDI-CAN-18333: Fixes, Scripts and EMS Solution<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/10\/05\/exchange-server-microsofts-bessert-lsungen-fr-0-day-schutz-nach-5-oktober-2022\/\">Exchange Server: Microsoft updates it's mitigation for the 0-day ProxyNotShell vulnerability (October 5, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/10\/11\/exchange-server-microsofts-bessert-lsungen-fr-0-day-schutz-nach-8-oktober-2022\/\">Exchange Server: Microsofts improves solutions for 0-day mitigation again (October 8, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/10\/11\/exchange-server-neue-0-day-nicht-notproxyshell-cve-2022-41040-cve-2022-41082\/\">Exchange Server: New 0-day (not NotProxyShell, CVE-2022-41040, CVE-2022-41082)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of November 8, 2022. These updates are intended to address NotProxyShell vulnerabilities that have been known (and already exploited) since late September 2022, &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/11\/09\/exchange-server-security-updates-november-8-2022\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[869,2751,69,195],"class_list":["post-27599","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-exchange","tag-patchday-11-2022","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/27599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=27599"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/27599\/revisions"}],"predecessor-version":[{"id":36161,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/27599\/revisions\/36161"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=27599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=27599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=27599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}