The big news for October is the Extended Security Update Program for Exchange Server 2019 and 2016. In this issue we’re covering:
- October updates for Messageware Software
- October updates for Exchange Server (SUs for SE/2019/2016)
- Microsoft Exchange 2019 / 2016 Extended Security Updates Program
- Microsoft Announces Retirement of Office Online Server
- Microsoft Windows 10 Extended Security Updates Program
October updates for Messageware Software
Messageware has released updates for EPG, ActiveSend and AttachView.
- Messageware EPG: Prevent password-based attacks and stop AD lockouts
- Messageware AttachView: Secure viewing of attachments everywhere
- Messageware ActiveSend: Allows sending of attachments by enabling Outlook Web to be the default mail client
All Messageware products are fully compatible with Exchange Server Subscription Edition (SE), the latest Cumulative Updates, and Security Updates.
Updates are available at: https://www.messageware.com/support/
See the Compatibility Matrix for matching versions: https://www.messageware.com/pdf/Compatibility-Matrix.pdf
October updates for Exchange Server (SUs for SE/2019/2016)
Microsoft has released the October 2025 Security Updates, representing the final publicly available updates for Exchange Server 2019 and 2016. These critical patches address three important vulnerabilities across Exchange Servers.
The October 2025 SUs are available for the following versions:
- Exchange Server SE Subscription Edition (SE) RTM
- Exchange Server 2019 Cumulative Update 15 (CU15)
- Exchange Server 2019 Cumulative Update 14 (CU14)
- Exchange Server 2016 Cumulative Update 23 (CU23)
Three vulnerabilities addressed:
- CVE-2025-53782: Elevation of Privilege Vulnerability (CVSS 7.3) involving incorrect authentication algorithm implementation
- CVE-2025-59248: Spoofing Vulnerability (CVSS 7.5) involving improper input validation
- CVE-2025-59249: Elevation of Privilege Vulnerability (CVSS 7.7) – the highest severity vulnerability in this update
Organizations running Exchange in hybrid mode must install these updates on on-premises servers, even if used exclusively for management purposes. The security updates are cumulative, allowing organizations to skip directly to the latest update without installing intermediate patches sequentially.
Read more here: https://www.messageware.com/october-2025-exchange-server-security-updates-released/
Microsoft Exchange 2019 / 2016 Extended Security Updates Program
For organizations that were unable to finalize migrations to Exchange SE, Microsoft has announced an Extended Security Update (ESU) program. This program provides an additional six months of critical and important security updates through April 14, 2026.
Key details about the ESU program can be found here: https://www.messageware.com/microsoft-announces-extended-security-update-program-for-exchange-server/
Microsoft Announces Retirement of Office Online Server
Microsoft has officially announced the retirement of Office Online Server, effective December 31, 2026, marking a significant shift for organizations that rely on on-premises browser-based document editing and viewing capabilities. After the December 2026 deadline, the platform will no longer receive security updates, bug fixes, or technical support, potentially exposing systems to security threats and compliance risks.
For organizations running Exchange Server environments—particularly those maintaining on-premises deployments for compliance or security reasons, finding a secure replacement for Office Online Server’s attachment viewing capabilities is critical. Messageware AttachView provides a proven solution that addresses this need. AttachView converts over 400 types of email attachments into secure HTML pages directly within Outlook Web.
Read more: https://www.messageware.com/microsoft-announces-retirement-of-office-online-server/
Microsoft Windows 10 Extended Security Updates Program
Microsoft has officially ended support for Windows 10, meaning the operating system will no longer receive technical support, feature updates, or regular security patches. For individuals and organizations unable to upgrade immediately to Windows 11, Microsoft has introduced the Windows 10 Extended Security Updates (ESU) program, providing an option to receive critical and important security updates through October 13, 2026.
This one-year extension is designed as a temporary measure to help users transition to supported platforms while maintaining protection against malware and cybersecurity attacks. Enrollment for individuals in the Windows 10 ESU program is available through three options:
- Paying $30 USD annually
- No charge with an enrolled Microsoft account
- Redeeming 1,000 Microsoft Rewards points
For commercial and educational organizations, ESU can be purchased for up to three years past the end of support date, with cumulative annual subscriptions required.
Read more: https://www.microsoft.com/en-us/windows/extended-security-updates
Fortify Your Server with Messageware Security
Data breaches have increased by 72%, servers are compromised in under 90 minutes. Ensure you have multiple layers of security software protecting your Windows Servers.
Z-Day Guard for All Windows Servers: Next-gen server protection, providing detection, alerting, and response (MDR) to zero-day and server penetration cyber-attacks. Leverages embedded monitoring technology that cannot be turned off by malicious software. No need to research complicated deployments and no learning curve to install and manage.
EPG Guard for Exchange Servers: Real-time security. Stop AD account lockouts, eliminate password attacks, intelligent GEO blocking, and prevent Exchange Server vulnerability probing.
Don’t leave your critical infrastructure vulnerable, be proactive and stay ahead of evolving threats.