Security Updates Exchange 2013-2019 (Jan2022)

Another year, another Patch Tuesday! A quick blog on January 2022’s security updates for Exchange Server 2013 up to 2019.

The vulnerabilities addressed in these security updates are:

CVE-2022-21969Remote Code ExecutionImportantCVSS:3.1 9.0 / 7.8
CVE-2022-21855Remote Code ExecutionImportantCVSS:3.1 9.0 / 7.8
CVE-2022-21846Remote Code ExecutionCriticalCVSS:3.0 9.0 / 7.8

Vulnerabilities mentioned in the table above are addressed in the following security updates.

Exchange 2019 CU11Download15.2.986.15KB5008631KB5007409
Exchange 2019 CU10Download15.2.922.20KB5008631KB5007409
Exchange 2016 CU22Download15.1.2375.18KB5008631KB5007409
Exchange 2016 CU21Download15.1.2308.21KB5008631KB5007409
Exchange 2013 CU23Download15.0.1497.28KB5008631KB5007409

More detailed information can be found at the original blog post here. The security update also fixes the OWA redirection problem for Exchange hybrid deployments introduced with the November security updates.

Be advised that these security updates are Cumulative Update level specific. You cannot apply the update for Exchange 2019 CU11 to Exchange 2019 CU10. Also, the security update download has the same name for different Cumulative Updates, and I would suggest tagging the file name with the CU level, e.g. Exchange2019-CU10-KBXXXXXX-x64-en.msp.

As a reminder, run the Security Update from an elevated command prompt to prevent issues during installation. In other words: Do not just double-click on the .MSP file. And on a final note, as with any patch or update, I’d recommend to apply this in a test environment first, prior to implementing it in production. However, it is not recommended to wait for regular maintenance cycles when it concerns security updates, and follow a more agile approach; the ratings are an indication of the urgency.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.