CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
88.1%
This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):CVE-2022-23277 | Microsoft Exchange Server Remote Code Execution Vulnerability
When you try to manually install this security update by double-clicking the update file (.msp) to run it in Normal mode (that is, not as an administrator), some files are not correctly updated.When this issue occurs, you donβt receive an error message or any indication that the security update was not correctly installed. However, Outlook Web Access (OWA) and the Exchange Control Panel (ECP) might stop working.
This issue occurs on servers that are using User Account Control (UAC). The issue occurs because the security update doesnβt correctly stop certain Exchange-related services.
**Note:**This issue does not occur if you install the update through Microsoft Update.
To avoid this issue, follow these steps to manually install this security update:
1. Select Start, and typecmd.
2. In the results, right-click Command Prompt, and then selectRun as administrator.
3. If the User Account Control dialog box appears, verify that the default action is the action that you want, and then selectContinue.
4. Type the full path of the .msp file, and then press Enter.
Exchange services might remain in a disabled state after you install this security update. This condition does not indicate that the update is not installed correctly. This condition might occur if the service control scripts experience a problem when they try to return Exchange services to their usual state.
To fix this issue, use Services Manager to restore the startup type to Automatic, and then start the affected Exchange services manually. To avoid this issue, run the security update at an elevated command prompt. For more information about how to open an elevated Command Prompt window, see Start a Command Prompt as an Administrator.
When you block third-party cookies in a web browser, you might be continually prompted to trust a particular add-in even though you keep selecting the option to trust it. This issue occurs also in privacy window modes (such as InPrivate mode in Microsoft Edge). This issue occurs because browser restrictions prevent the response from being recorded. To record the response and enable the add-in, you must enable third-party cookies for the domain thatβs hosting OWA or Office Online Server in the browser settings. To enable this setting, refer to the specific support documentation for the browser.
When you try to request free/busy information for a user in a different forest in a trusted cross-forest topology, the request fails and generates a β(400) Bad Requestβ error message. For more information and workarounds to this issue, see β(400) Bad Requestβ error during Autodiscover for per-user free/busy in a trusted cross-forest topology.
5013118 Exchange Service Host service fails after installing March 2022 security update
This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.
To get the standalone package for this update, go to the Microsoft Update Catalog website.
You can get the standalone update package through the Microsoft Download Center.
For deployment information about this update, see March 8, 2022.
This security update replaces the following previously released updates:
Update name | File name | SHA256 hash |
---|---|---|
Exchange Server 2013 CU23 SU14 | Exchange2013-KB5010324-x64-en.msp | 2CE402A7B8FCADE2230464DF5800A115B2824BF293267830371294E5DAE4F1C9 |
For a list of the files that are provided in this security update, download the file information for security update 5010324.
Protect yourself online: Windows Security supportLearn how we guard against cyber threats: Microsoft Security
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
88.1%