Microsoft Exchange Server: Critical Security Updates for March 2022
It's the second Tuesday of the month, it's patch day - the new security updates for Microsoft Exchange Server are here. Also this time all three versions 2013, 2016 and 2019 get an update, which fills a total of two gaps. And this time they have it all again - it is again about critical securityprostated problems.
Anyone who thinks that there were no CU updates or security updates from Microsoft for Exchange Server in February is actually right. This update was actually "postponed" to March. the last update was in January 2022, which eliminated a total of three vulnerabilities (one of them with a critical rating). This time it's about the critical one CVE-2022-23277 and the one marked as highly relevant CVE-2022-24463 Gap.
Exchange Server 2013/2016/2019 with critical vulnerability
Like a user a few days ago on Reddit announced that the company has another update available today that closes another critical gap. As expected, it's again about "Remote Code Execution" - the usual evil by now. In this case, too, all three versions of the Microsoft Exchange Server, i.e. 2013, 2016 and 2019, are affected. We have listed the download links for the respective CU and server versions below.
It is recommended here again, this time by Microsoft explicit requiredto run the update via command prompt as an administrator. To do this, navigate directly to the .msp file with the console open and run it like this.
Again, you should allow for a downtime of at least 30 minutes, depending on the size of the organization and the speed of the server. In addition, you should not forget to import the Windows Server security updates that were released today.