Microsoft has released new security updates for Exchange Server 2013, 2016 and 2019. Click here to go directly to the downloads:
Das Update behebt eine Schwachstelle (CVE-2022-21978) welche als „Wichtig“ eingestuft ist. Das Update sollte daher zeitnah installiert werden.
Details on the vulnerability can be found here:
The security updates require that /PrepareAllDomains is executed manually after the installation of the security updates. For Exchange 2016 and 2019, the following command must be executed:
Setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAllDomains
For Exchange 2013 it is this command:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAllDomains
The setup.exe file can be found in the Exchange installation directory (C:\Program Files\Microsoft\Exchange Server\v15\Bin).
Here is the article on the Exchange Team Blog:
Another important change is that the security updates are no longer only offered as .msp files, but also as .EXE files. In the past, a shell with extended rights had to be started first, from which the update was then installed. Installing the updates without extended rights often resulted in a faulty Exchange installation. The update in .EXE format can now be installed simply by double-clicking. The required rights are requested automatically. This makes the manual installation of updates a little easier. Security updates will continue to be available as .msp files, this format is suitable for automatic installation.
Another new feature is that the updates generate log files about the installation. The logs are saved in the folder C:\Program Files\Microsoft\Exchange Server\v15\Logging\Update. So if an update goes wrong, you might find a clue to the cause here. Here is a description of the security update as an .EXE file:
Update 10.05.2022: In the original article the wrong CVEs from the March update were linked. This has been corrected.
