The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately.
These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange Online customers are protected from the vulnerabilities addressed in these SUs and do not need to take any action other than updating any on-premises Exchange servers.
These SUs are available for the following specific builds of Exchange Server:
|Be sure to visit Messageware Security Products for Microsoft Exchange Server. All enterprises with Exchange Servers should add security that provides on-premise systems with logon intelligence and security controls protecting the most widely used Exchange Server services, including OWA / Outlook Web, ECP, Autodiscover, ActiveSync, EWS, OAB, MAPI, Outlook Anywhere. Critical additions for all enterprises including those who believe they are protected by multi-factor authentication (MFA/2FA).|