Microsoft to Ship Some Exchange Server Security Updates in .EXE Packages

Windows Logo

Microsoft has announced some major changes to the delivery process for security updates (SUs) and hotfixes (HFs) for Exchange Server. Starting with the May 2022 Security Updates, the company is now releasing some Exchange Server SUs and HFs as self-extracting auto-elevating executables.

Previously, Microsoft shipped all security updates as Windows Installer patch (.msp) files to Exchange Server customers. However, IT administrators often encountered difficulties while applying these updates due to insufficient permissions during the installation process. As a result, this issue could potentially put an Exchange server “in a bad state.”

Auto-Elevation of permissions to install Exchange Server Security Updates

Microsoft plans to resolve the issue with the auto-elevation of permissions. This installation method will be available in addition to the existing Windows Installer Patch format.

“Installation of .msp files happens in the security context of the account used to install the update. If User Account Control (UAC) is enabled (which we strongly recommend) and you manually install the update by double-clicking the .msp file, the installation process runs in a non-elevated mode, which often results in a bad server state,” the Exchange Server team explained yesterday. “The EXE package is a wrapper for the .msp file that ensures the installation runs with the required permissions.”

These new .exe packages will be available to download from the Microsoft Update Catalog. Users will simply need to double-click the .exe file and follow the on-screen instructions to manually install the updates. Once clicked, the installer will automatically check for admin-level permissions before allowing the setup to proceed. If granted, the .msp file will be extracted to the user’s temp folder, and the installation process will begin shortly.

The firm has also acknowledged a known issue that prevents the package from extracting the .msp file into the temp folder. The company is currently working on a fix and recommends customers to create the folder mentioned in the error message manually.

Microsoft to Ship Some Exchange Server Security Updates in .Exe Packages

Microsoft hopes that this new .exe update package experience should help customers to keep Exchange Servers up-to-date. However, this change will not impact Interim Updates (IUs) and Cumulative Updates (CUs), and you can find more details in Microsoft’s official blog post.