Microsoft Exchange Server: Security updates released for January 2022
After the mess with undeliverable emails, Microsoft released today for their Exchange Server ProProduct security updates released. These fix a total of three security vulnerabilities.
It's patch day at Microsoft again - always the second Tuesday of the month, when Microsoft releases security updates for almost all of their softwareprobrings products online. The January 2022 security updates for Exchange Server address vulnerabilities found by partners or by Microsoft. There are currently no known active exploits - nevertheless, as usual, we recommend installing the updates as quickly as possible. Even more so with these security gaps with possible “remote code execution”.
January 2022 update for Exchange Server 2013, 2016 and 2019
The update does not require any further steps other than a normal installation. As always, this is done by downloading the .msp file and then executing it as administrator via CMD or PowerShell. As always, Microsoft is providing security updates for the last two CU versions, except for 2013. This time it fixes the three security holes CVE-2022-21969, CVE-2022-21855 and CVE-2022-21846, which are classified twice with "High" and once with "Critical".
Depending on the size of the organization, the performance of the server and other influences, you should expect a downtime of at least 15 to 30 minutes.