Published: Jan 27, 2023
Microsoft has recommended customers to deploy the latest January 2023 security updates on on-premises Exchange servers. The company urges IT admins to keep their Exchange servers patched to protect their organization from cyberattacks and security threats.
In a Techcommunity blog post, Microsoft raised an alarm that malicious actors are increasingly leveraging vulnerabilities to compromise unpatched Exchange servers in on-premises environments. It enables attackers to take complete control over unpatched Exchange instances and steal sensitive information. Moreover, they could access the address book to launch social engineering attacks.
“To defend your Exchange servers against attacks that exploit known vulnerabilities, you must install the latest supported CU (as of this writing, CU12 for Exchange Server 2019, CU23 for Exchange Server 2016, and CU23 for Exchange Server 2013) and the latest SU (as of this writing, the January 2023 SU). Exchange Server CUs and SUs are cumulative, so you only need to install the latest available one. You install the latest CU, then see if any SUs were released after the CU was released. If so, install the most recent (latest) SU,” the Exchange team explained.
Microsoft has detailed several steps that should be performed after installing an update on on-premises Exchange servers. First of all, IT admins are advised to run the Exchange Server Health Checker tool to find potential configuration issues that could impact the performance. It identifies unpatched Exchange servers and provides instructions about manual actions that need to be performed for updating the environment.
Additionally, Microsoft notes that administrators can use the SetupAssist script to fix any problems that might occur during the installation process. The Exchange team also published a troubleshooting guide to help IT admins address common problems that could occur during the installation of Exchange server cumulative and security updates.
Microsoft advises customers to deploy the latest updates for Windows Server and other dependent servers, including DNS and Active Directory. Moreover, the company has asked IT admins to provide feedback about improving the Exchange Server update experience in enterprise environments.