FPCH Admin AWS Posted October 12, 2022 FPCH Admin Posted October 12, 2022 (edited) Microsoft has released Security Updates (SUs) for vulnerabilities found in: Exchange Server 2013 Exchange Server 2016 Exchange Server 2019 SUs are available in a self-extracting auto-elevating .exe package, as well as the original update packages (.msp files), which can be downloaded from the Microsoft Update Catalog. The October 2022 SUs are available for the following specific versions of Exchange Server: Exchange Server 2013 CU23 Exchange Server 2016 CU22 and CU23 Exchange Server 2019 CU11 and CU12 The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Our recommendation is to immediately install these updates to protect your environment. These vulnerabilities affect Exchange Server. Exchange Online customers are already protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating any Exchange servers in their environment. NOTE The October 2022 SUs do not contain fixes for the zero-day vulnerabilities reported publicly on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082). Please see this blog post to apply mitigations for those vulnerabilities. We will release updates for CVE-2022-41040 and CVE-2022-41082 when they are ready. Also note that in this update, we have re-released fixes for some CVEs published in August 2022, to highlight the resolution of known issue. More details about specific CVEs can be found in the Security Update Guide (filter on Exchange Server under Product Family). Enable Windows Extended Protection Starting with the August 2022 SUs, Exchange Server supports the Windows Extended Protection (EP) feature, which can help you protect your environments from authentication relay or "man in the middle" (MitM) attacks. If you have not yet enabled EP in your environment, please install the October SUs which address a known issue in Exchange EP support (see below). Then, review the information in the Manual Enablement of Extended Protection section of our August announcement for more details. Customers who have already installed the August 2022 SUs and have enabled EP do not need to re-run the EP script after installing the October SUs. Update installation The following update paths are available: Inventory your Exchange Servers to determine which updates are needed using the latest release of the Exchange Server Health Checker script. Running this script will tell you if any of your Exchange Servers are behind on updates (CUs, SUs, or manual actions). Install the latest CU. Go to Microsoft 365 Deployment Guides and Setup Wizards | Microsoft 365 Apps and choose your currently running CU and your target CU to get directions. If you encounter errors during or after installation of Exchange Server, see the SetupAssist script. If something does not work properly after updates, see Repair failed installations of Exchange Cumulative and Security updates. Known issues with this release We are not aware of any known issues with this release. Issues resolved by this release In Exchange 2013, Exchange 2016, and Exchange 2019 various Outlook and compliance-related monitoring probes show as Failed once EP is enabled. FAQs My organization is in Hybrid mode with Exchange Online. Do I need to do anything? Exchange Online is already protected, but the October 2022 SUs need to be installed on your Exchange servers, even if they are used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard after installing these updates. Do I need to install the updates on ‘Exchange Management Tools only’ workstations? Servers and workstations running only the Management tools role (no Exchange services) do not need these updates. This post might receive future updates; they will be listed here (if available). The Exchange Server Team Continue reading... Edited October 12, 2022 by AWS Quote Off Topic Forum - Unlike the Rest
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.