Microsoft released several Security Updates (SUs) for Microsoft Exchange Server to address vulnerabilities. Due to the critical nature of these vulnerabilities, we recommend that customers apply the updates to affected systems immediately to protect the environment.
Note: These vulnerabilities affect Microsoft Exchange Server. Exchange Online is not affected.
Exchange Server Security Updates
Microsoft has released Security Updates for vulnerabilities found in:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
These Security Updates are available for the following specific versions of Exchange:
Read more on how to Install Exchange Security Update.
If you are not at these Exchange Server CU versions, please update right now and apply the above patch.
Read more on how to Install Exchange Cumulative Update.
Vulnerabilities addressed in the August 2022 Security Updates were responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment.
Manual enablement of Windows Extended Protection
Addressing some of the CVEs released this month requires admins to enable Windows Extended Protection on their Exchange servers. To help you enable this feature, we have developed a script for this process. Please carefully evaluate your environment and review all known issues mentioned in the script documentation before enabling Windows Extended Protection on your Exchange servers.
Please note that enabling Extended Protection (EP) is only supported on specific versions of Exchange (please see documentation for full list of prerequisites).
The current version of this script can be found at https://aka.ms/ExchangeEPScript and the documentation is at https://aka.ms/ExchangeEPDoc. For script and documentation changes and suggestions, please engage with us via GitHub to ensure proper issue and change tracking. The script provided to enable Extended Protection will update itself automatically if the computer on which it is executed has an internet connection (direct or via proxy). However, if you don’t have internet access, make sure to download the latest version of the script, as we are continuously improving it.
Note: It is important that you fully understand Windows Extended Protection prerequisites and all known issues before running the script in your environment. Enabling Extended Protection affects communication between your Exchange servers and between clients and servers.
The last SU that we installed is (a few months old). Do we need to install all SUs in order, to install the latest one?
The Exchange Server Security Updates are cumulative. If you are running the CU that the SU can be installed on, you do not need to install all the SUs in sequential order but can install the latest SU only.
My organization is in Hybrid mode with Exchange Online. Do I need to do anything?
While Exchange Online customers are already protected, the August 2022 security updates do need to be applied to your on-premises Exchange Servers, even if they are used only for management purposes. You do not need to re-run the Hybrid Configuration Wizard (HCW) after applying updates.
Do I need to install the updates on “Exchange Management Tools only” workstations?
Servers or workstations running only Microsoft Exchange Management Tools (no Exchange services) do not need to apply these updates.
We skipped installation of May 2022 SU. Do we need to run /preparealldomains after we install the August SU?
When the May 2022 SU was released, the /preparealldomains switch needed to be run manually to address a particular CVE. If you skipped the May 2022 SU and are going straight to the August 2022 SU, you will still need to run /preparealldomains to address that particular CVE. Please see the May 2022 SU release post for more details. When in doubt, run HealthChecker, which will tell you what you need to do!