Microsoft to Ship Some Exchange Server Security Updates in .EXE Packages
Microsoft has announced some major changes to the delivery process for security updates (SUs) and hotfixes (HFs) for Exchange Server. Starting with the May 2022 Security Updates, the company is now releasing some Exchange Server SUs and HFs as self-extracting auto-elevating executables.
Previously, Microsoft shipped all security updates as Windows Installer patch (.msp) files to Exchange Server customers. However, IT administrators often encountered difficulties while applying these updates due to insufficient permissions during the installation process. As a result, this issue could potentially put an Exchange server “in a bad state.”
Auto-Elevation of permissions to install Exchange Server Security Updates
Microsoft plans to resolve the issue with the auto-elevation of permissions. This installation method will be available in addition to the existing Windows Installer Patch format.
“Installation of .msp files happens in the security context of the account used to install the update. If User Account Control (UAC) is enabled (which we strongly recommend) and you manually install the update by double-clicking the .msp file, the installation process runs in a non-elevated mode, which often results in a bad server state,” the Exchange Server team explained yesterday. “The EXE package is a wrapper for the .msp file that ensures the installation runs with the required permissions.”
These new .exe packages will be available to download from the Microsoft Update Catalog. Users will simply need to double-click the .exe file and follow the on-screen instructions to manually install the updates. Once clicked, the installer will automatically check for admin-level permissions before allowing the setup to proceed. If granted, the .msp file will be extracted to the user’s temp folder, and the installation process will begin shortly.
The firm has also acknowledged a known issue that prevents the package from extracting the .msp file into the temp folder. The company is currently working on a fix and recommends customers to create the folder mentioned in the error message manually.
Microsoft hopes that this new .exe update package experience should help customers to keep Exchange Servers up-to-date. However, this change will not impact Interim Updates (IUs) and Cumulative Updates (CUs), and you can find more details in Microsoft’s official blog post.
More in Exchange Server
M365 Changelog: (Updated) REST API for On-Premises Mailboxes Preview Ending
Mar 14, 2023 | Petri Staff
Microsoft Advises IT Admins to Remove Some Exchange Server Antivirus Exclusions
Feb 24, 2023 | Rabia Noureen
Microsoft Recommends IT Admins to Patch Exchange Servers
Jan 27, 2023 | Rabia Noureen
Microsoft Releases Exchange Server Updates to Improve Security of PowerShell Payloads
Jan 11, 2023 | Rabia Noureen
Microsoft Warns About New Zero-Day Vulnerabilities in Exchange Server
Sep 30, 2022 | Rabia Noureen
Microsoft Exchange Servers Hit By Stealthy IIS Backdoors
Jul 27, 2022 | Rabia Noureen
Most popular on petri