Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019.
The updates can be downloaded here:
The updates close the security vulnerability classified as critical CVE-2022-23277 and the vulnerability classified as important CVE-2022-24463.
As Exchange servers are currently often used as a target or gateway for attacks, every admin should ensure that security updates for Exchange servers and the operating system are installed as soon as possible.
Microsoft also explicitly points out that the manual installation of the update must be carried out using a shell in "Elevated" mode ("Run as administrator"). Here is an example of the "Elevated Shell":
The update can of course also be installed via WSUS, Windows Update or other tools. If the Exchange Server update goes wrong, you can find some possible solutions to the problems here:
Here you can find the article on the Exchange Team Blos:
Sehr empfehlenswert ist auch das Script „Exchange Health Checker„, welches einen übersichtlichen Report zum Zustand der Exchange Servern liefert. Die Ausgabe des Exchange Health Checkers ist auch im Exchange Reporter integrated.