Microsoft Exchange Servers security updates have been released for October 2022.
These updates are available for the following specific versions of Exchange Server:
The recommendation is to install these updates immediately to protect your environment.
In the scenario where you do a Cumulative Update(CU), you need to make security updates. Otherwise, remember that you have to do the Cumulative Update(CU) first and then the Security Update(SU).
These vulnerabilities only affect Exchange Server.
Exchange Online customers are already protected from the vulnerabilities addressed.
Don't double-click the 'MSP file' to run it. Run Command Prompt (not Powershell) as an Administrator.
Additional Action Require!
As you know, we were doing
/PrepareAD operations before CU operations.
There is a new difference in the updates released in May.
The following actions should be taken in addition to the application of May 2022 security updates:
After doing cumulative update and security update then run the following Command Prompt command once using
Setup.exe in your Exchange Server installation path
"\Program Files\Microsoft\Exchange Server\v15\Bin"
Microsoft says that the step is necessary “because of additional security hardening work for
CVE-2022-21978,” which is one of the vulnerabilities addressed by the updates.
When running a Database Availability Group, do not forget to put the
Exchange Server Cluster(DAG) in maintenance mode.
Have a nice day!