[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of March 8, 2022. These updates are required to address vulnerabilities reported by external security partners and found through Microsoft's internal processes. The updates apply to the Exchange Server on-premises installations listed below.
The March 2022 Exchange Server security updates address vulnerabilities reported by security partners and found through Microsoft's internal processes. Microsoft has published the Techcommunity post Released: March 2022 Exchange Server Security Updates with a description of the security updates.
And on Twitter I came across the above notice. Security updates are available for the following Exchange Server CU versions.
The March 2022 updates close the two vulnerabilities rated as critical.
- CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2022-24463 | Microsoft Exchange Server Spoofing Vulnerability
Although Microsoft is not aware of any active exploits in the wild, it is recommended to install these updates immediately. The fixed vulnerabilities affect on-premises Microsoft Exchange Server as well as servers used by customers in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action. Although Microsoft is not aware of any active exploits in the wild, the vendor recommends installing these updates immediately to protect the Exchange installation.
If the security updates are installed manually, it is mandatory to start this process from an administrative prompt. Otherwise, problems will occur during the installation.
Similar articles:
Important notes from Microsoft regarding the Exchange server security update (March 2021)
Exchange isues with ECP/OWA search after installing security update (March 2021)
Exchange Hack News – Test tools from Microsoft and others
ProxyLogon hack: Administrator's Repository for affected Exchange systems
Exchange isues with ECP/OWA search after installing security update (March 2021)
Exchange security updates from July 2021 breaks ECP and OWA
Exchange 2016/2019: Outlook problems due to AMSI integration
Security updates for Exchange Server (January 2022)