Exchange Server March 2022 Security Updates Now Available

Microsoft is continuing its efforts to make their on-premise Exchange products more secure. With this month’s update, we see two CVE’s being fixed:

  • CVE-2022-24463
    • A spoofing vulnerability in Exchange 2016 and 2019 possibly exposing files on the Exchange Server to an authenticated attacker.
  • CVE-2022-23277
    • A remote code execution vulnerability in Exchange 2013, 2016 and 2019. An authenticated attacker could possibly execute malicious code as the Exchange Server’s computer account.

At the time of writing this article, Microsoft is not being aware of these exploits being actively used in the wild. However, as usual, it is highly recommended to update your systems as soon as you can.

How to get the update

You can either get the update directly through Windows Update, or from the corresponding Microsoft Tech Community article.

Alternatively, you can directly access the update for your corresponding Exchange CU level here:

  • Exchange Server 2013 CU23
  • Exchange Server 2016 CU21 and CU22
  • Exchange Server 2019 CU10 and CU11

Keep in mind that if you decide to get the update directly from Microsoft, that you MUST run the downloaded .msu file from an elevated command prompt! Failing to do so will most likely damage your Exchange installation.

Leave a comment

Your email address will not be published. Required fields are marked *