Microsoft Exchange Server: Security updates released for January 2022
After the mess with undeliverable emails, Microsoft today released security updates for its Exchange Server products. These fix a total of three security holes.
It's Patchday again at Microsoft - always the second Tuesday of the month, when Microsoft brings security updates online for almost all of its software products. The January 2022 security updates for Exchange Server address partner or Microsoft-found vulnerabilities. There are currently no known active exploits - nevertheless, as usual, it is advisable to install the updates as quickly as possible. In addition, with these security gaps with possible "remote code execution".
January 2022 update for Exchange Server 2013, 2016 and 2019
The update does not require any further steps other than a normal installation. As always, this is done by downloading the .msp file and then executing it as administrator via CMD or PowerShell. As always, Microsoft is providing security updates for the last two CU versions, except for 2013. This time it fixes the three security holes CVE-2022-21969, CVE-2022-21855 and CVE-2022-21846, which are classified twice with "High" and once with "Critical".
Depending on the size of the organization, the performance of the server and other influences, you should expect a downtime of at least 15 to 30 minutes.